Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web...

9.3 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Description

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath() function is supposed to sandbox this access, but its blocklist is incomplete. Any web app packaged with Pulpy can read and write arbitrary files in the user's home directory — including ~/.ssh/id_rsa, ~/.aws/credentials, and ~/Library/Keychains/. This vulnerability is fixed in 0.1.1.

Basic Information

ID CVE-2026-44225

Source GitHub_M

Published May 12, 2026 at 20:02

Affected Product

Vendor enesgkky

Product Pulpy

Version < 0.1.1

Affected Versions enesgkky Pulpy < 0.1.1

CWE Classification

CWE-22 CWE-284

References

github.com /enesgkky/Pulpy/security/advisories/GHSA-h9q2-w73v-g7hf

{
    "lastseen": "",
    "description": "Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath() function is supposed to sandbox this access, but its blocklist is incomplete. Any web app packaged with Pulpy can read and write arbitrary files in the user's home directory \u2014 including ~/.ssh/id_rsa, ~/.aws/credentials, and ~/Library/Keychains/. This vulnerability is fixed in 0.1.1.",
    "published": "2026-05-12T20:02:44.051Z",
    "modified": "2026-05-12T20:02:44.051Z",
    "type": "cve",
    "title": "Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files",
    "source": "GitHub_M",
    "references": "https://github.com/enesgkky/Pulpy/security/advisories/GHSA-h9q2-w73v-g7hf",
    "id": "CVE-2026-44225",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "enesgkky Pulpy < 0.1.1",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Pulpy",
    "version": "< 0.1.1",
    "vendor": "enesgkky",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files_CVE-2026-44225