Node.js Permission Model Unix Domain Socket Network Restriction Bypass

This repository is a working proof-of-concept exploit for CVE-2026-21636, a Node.js permission model bypass affecting local TCP/UDS connectivity. The repo contains a Python exploit client (exploit.py) and a self-contained vulnerable lab under vuln_server/. The lab launches two Node.js processes under supervisord: a sandboxed Express server (server.mjs) started with --permission --allow-fs-read=/ and no --allow-net, and an unsandboxed helper process (target.cjs). The vulnerable web server exposes GET /pid, which returns the helper PID from /tmp/target.pid, and POST /language, which dynamically imports attacker-controlled input. The exploit abuses the import sink with a data:text/javascript payload to achieve arbitrary JavaScript execution inside the sandboxed process. It then sends SIGUSR1 to the unsandboxed helper process to enable the V8 inspector on 127.0.0.1:9229, uses fetch('http://127.0.0.1:9229/json') and a WebSocket connection to ws://127.0.0.1:9229/<id> from inside the sandboxed process, and leverages the Chrome DevTools Protocol Runtime.evaluate method to run process.mainModule.require('child_process').execSync('cat /app/secret.txt').toString() in the unsandboxed process. This demonstrates that localhost network access succeeds despite the absence of --allow-net, allowing a sandbox escape/pivot to arbitrary command execution. The repository is not part of a known exploit framework, is not merely a detector, and is best classified as an operational PoC with a hardcoded payload and a reproducible Docker environment.