CVE-2026-13601
Analyzed Analyzed - Analysis Complete

Content Security Policy Bypass in Yelp via Flatpak

Vulnerability report for CVE-2026-13601, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-29

Last updated on: 2026-07-15

Assigner: Red Hat, Inc.

Description

A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document, attacker-controlled content can bypass Flatpak's intended sandbox isolation, allowing Yelp to evaluate local XML inclusions and disclose arbitrary user-readable host files through remote CSS resource requests. This may result in the unauthorized disclosure of sensitive information.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-29
Last Modified
2026-07-15
Generated
2026-07-19
AI Q&A
2026-06-29
EPSS Evaluated
2026-07-18
NVD
EUVD

Affected Vendors & Products

Showing 5 associated CPEs
Vendor Product Version / Range
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
gnome yelp to 49.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-693 The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-13601 is a security flaw in Yelp, specifically related to an overly permissive Content Security Policy (CSP) in the yelp-xsl component. This vulnerability allows a malicious Flatpak application to bypass sandbox restrictions by exploiting the OpenURI portal to open crafted help content in Yelp.

The attack involves embedding an untrusted CSS stylesheet within a structured SVG document inside the help content. This enables the attacker to make Yelp evaluate local XML inclusions and disclose arbitrary user-readable files from the host system by exfiltrating them through remote CSS resource requests.

Essentially, a sandboxed Flatpak app can escape its sandbox by abusing Yelp's handling of help files, leading to unauthorized disclosure of sensitive host files.

Detection Guidance

Detection of this vulnerability involves monitoring for unusual activity related to Yelp and Flatpak applications, especially the use of the org.freedesktop.portal.OpenURI portal to open help files without user interaction.

You can check for suspicious OpenURI portal calls or Yelp invocations triggered by Flatpak apps by examining Flatpak logs or system logs.

Commands to help detect potential exploitation attempts might include:

  • Use journalctl to review Flatpak and Yelp related logs: sudo journalctl -u flatpak -f or sudo journalctl | grep yelp
  • Monitor network traffic for unusual outbound CSS resource requests from Yelp processes, for example using tcpdump or Wireshark filtering on Yelp's network activity.
  • Check for unexpected Yelp processes running with commands like: ps aux | grep yelp

Since the vulnerability involves crafted help files loaded via the OpenURI portal, auditing Flatpak applications that use this portal and verifying their permissions can also help detect potential exploitation.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive information from the host system. A malicious Flatpak application can exploit Yelp to read arbitrary files on the host and send their contents to a remote server without user interaction.

Because the exploit bypasses Flatpak's sandbox isolation, it significantly increases the attack surface and risk compared to typical sandboxed application vulnerabilities.

The impact includes potential exposure of confidential data, privacy breaches, and compromise of system integrity due to unauthorized file access.

Compliance Impact

This vulnerability allows unauthorized disclosure of sensitive user-readable host files by bypassing sandbox isolation through Yelp's overly permissive Content Security Policy. Such unauthorized data exposure can lead to violations of data protection regulations like GDPR and HIPAA, which mandate strict controls over the confidentiality and integrity of personal and sensitive information.

Because the vulnerability enables exfiltration of arbitrary host files without user interaction or consent, it increases the risk of non-compliance with standards that require safeguarding sensitive data against unauthorized access and disclosure.

Mitigation Strategies

Immediate mitigation steps include restricting or disabling the use of the org.freedesktop.portal.OpenURI portal for Flatpak applications to prevent them from opening help files via Yelp without user interaction.

Updating Yelp and yelp-xsl components to versions that fix the overly permissive Content Security Policy (CSP) is critical.

Additionally, applying any available security patches from your Linux distribution or Flatpak maintainers that address this vulnerability should be prioritized.

As a temporary measure, consider limiting network access for Yelp processes to prevent exfiltration of sensitive files via remote CSS resource requests.

Review and audit installed Flatpak applications for untrusted or suspicious apps that could exploit this vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-13601. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart