CVE-2026-13601
HIGH SEVERITY
CVSS Score & Metrics
Base Score
7.1 / 10
Vector String
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Vulnerability Description
A flaw was found in Yelp, the GNOME help viewer, due to an overly permissive Content Security Policy (CSP) provided by yelp-xsl. A malicious Flatpak application can ask the OpenURI portal to open crafted help content, which Yelp then renders on the host, outside the application's sandbox. By embedding an untrusted CSS stylesheet in a structured SVG document, attacker-controlled content can bypass Flatpak's intended sandbox isolation: Yelp evaluates local XML inclusions, and the contents of the included host files can then be leaked through the stylesheet's requests for remote resources. This may result in the unauthorized disclosure of any file the user can read.
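The following is an added example, not code from Yelp, yelp-xsl or the advisory. It shows the two checks a practitioner would want when triaging this class of issue: a small CSP audit that resolves each fetch directive (with default-src fallback) and reports which ones still admit a network origin, which is what turns document-controlled CSS into an exfiltration channel, and a scan of an XML/SVG help document for XInclude elements pointing at local paths. The policy strings, the SVG sample and the function names are constructed for illustration; they are not the policy yelp-xsl actually ships nor the content used in the report.

```python
"""Constructed example (not Yelp/yelp-xsl code): audit a Content Security
Policy for fetch directives that still admit a network origin, and scan an
XML help document for XInclude elements that reference local files."""
import xml.etree.ElementTree as ET

XI_NS = "http://www.w3.org/2001/XInclude"

# Fetch directives that fall back to default-src when not set explicitly.
FALLBACK_TO_DEFAULT = {
    "script-src", "style-src", "img-src", "font-src",
    "connect-src", "media-src", "frame-src", "object-src",
}
# Directives through which document-controlled CSS can trigger requests.
CSS_CHANNELS = ("style-src", "img-src", "font-src", "connect-src")

# Source expressions that never match a network origin.
NON_NETWORK = {"'self'", "'none'", "'unsafe-inline'", "'unsafe-eval'",
               "data:", "blob:", "filesystem:", "file:"}


def parse_csp(policy: str) -> dict:
    """Split a serialized policy into {directive: [source, ...]}.
    Per the CSP spec a repeated directive keeps its first occurrence."""
    csp = {}
    for token in policy.split(";"):
        parts = token.split()
        if parts and parts[0].lower() not in csp:
            csp[parts[0].lower()] = parts[1:]
    return csp


def effective_sources(csp: dict, directive: str):
    """Sources governing `directive`, honouring default-src fallback.
    Returns None when nothing constrains it at all."""
    if directive in csp:
        return csp[directive]
    if directive in FALLBACK_TO_DEFAULT:
        return csp.get("default-src")
    return None


def network_capable(sources):
    """Return the source expressions that can match a network origin
    (schemes such as https:, wildcards, explicit hosts); None if unrestricted.
    Caveat: 'self' for a file:// document is origin-less; it is treated as
    local here, which is an assumption, not something the spec guarantees."""
    if sources is None:
        return None
    return [s for s in sources
            if s.lower() not in NON_NETWORK
            and not s.lower().startswith(("'nonce-", "'sha"))]


def audit_csp(policy: str) -> dict:
    """Map each CSS-reachable fetch directive to the sources that would let
    attacker-controlled CSS reach a remote host (empty list = closed)."""
    csp = parse_csp(policy)
    return {d: network_capable(effective_sources(csp, d)) for d in CSS_CHANNELS}


def find_xincludes(xml_text: str) -> list:
    """List (href, parse) pairs of XInclude elements in a document. A viewer
    that performs XInclude processing resolves these against its own
    filesystem, so local paths in untrusted content are the thing to flag."""
    root = ET.fromstring(xml_text)
    return [(el.get("href"), el.get("parse", "xml"))
            for el in root.iter(f"{{{XI_NS}}}include")]


# Constructed policies for illustration; not the policy yelp-xsl ships.
PERMISSIVE_CSP = "default-src 'self'; style-src 'self' 'unsafe-inline' https:; img-src *"
HARDENED_CSP = "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:"

# Constructed SVG carrying an XInclude of a host file (illustrative input only).
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xi="http://www.w3.org/2001/XInclude">
  <style>text { fill: black; }</style>
  <text><xi:include href="/etc/hostname" parse="text"/></text>
</svg>"""

if __name__ == "__main__":
    for name, policy in (("permissive", PERMISSIVE_CSP), ("hardened", HARDENED_CSP)):
        print(name, audit_csp(policy))
    print("xincludes:", find_xincludes(SAMPLE_SVG))
```

The audit reports a directive as open only when some source expression can match a network origin; a directive that is absent and has no default-src fallback is reported as None, meaning unrestricted, which is worse than any explicit list. Closing the CSS channels (style-src, img-src, font-src, connect-src) to 'self' and data: removes the exfiltration path, but it does not stop XInclude from reading the file in the first place; that is why the XInclude scan is a separate check.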
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-693
Source
NVD
Vendor
Red Hat
Product
Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
External References
- https://access.redhat.com/security/cve/CVE-2026-13601
- https://blogs.gnome.org/mcatanzaro/2026/05/11/flatpak-sandbox-escape-via-yelp/
- https://bugzilla.redhat.com/show_bug.cgi?id=2494110
- https://gitlab.gnome.org/GNOME/yelp/-/commit/c8c8244c8a812860782d635890c9b6c43ecc2639
- https://gitlab.gnome.org/GNOME/yelp/-/work_items/238