CVE-2026-13601

Content Security Policy Bypass in Yelp via Flatpak

Vulnerability report for CVE-2026-13601, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-29

Last updated on: 2026-06-29

Assigner: Red Hat, Inc.

Description

A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document, attacker-controlled content can bypass Flatpak's intended sandbox isolation, allowing Yelp to evaluate local XML inclusions and disclose arbitrary user-readable host files through remote CSS resource requests. This may result in the unauthorized disclosure of sensitive information.


Affected Vendors & Products

1 associated CPE

Vendor | Product | Version / Range
yelp | yelp-xsl | *

CWE

CWE ID | Description
CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Executive Summary

CVE-2026-13601 is a security flaw in Yelp, specifically related to an overly permissive Content Security Policy (CSP) in the yelp-xsl component. This vulnerability allows a malicious Flatpak application to bypass sandbox restrictions by exploiting the OpenURI portal to open crafted help content in Yelp.

The attack involves embedding an untrusted CSS stylesheet within a structured SVG document inside the help content. This enables the attacker to make Yelp evaluate local XML inclusions and disclose arbitrary user-readable files from the host system by exfiltrating them through remote CSS resource requests.

In effect, a sandboxed Flatpak application can defeat the sandbox's file isolation by abusing Yelp's handling of help files, leading to unauthorized disclosure of sensitive host files.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive information from the host system. A malicious Flatpak application can exploit Yelp to read arbitrary files on the host and send their contents to a remote server without user interaction.

Because the exploit bypasses Flatpak's sandbox isolation, it significantly increases the attack surface and risk compared to typical sandboxed application vulnerabilities.

The impact includes potential exposure of confidential data, privacy breaches, and compromise of system integrity due to unauthorized file access.

Detection Guidance

Detection of this vulnerability involves monitoring for unusual activity related to Yelp and Flatpak applications, especially the use of the org.freedesktop.portal.OpenURI portal to open help files without user interaction.

You can check for suspicious OpenURI portal calls or Yelp invocations triggered by Flatpak apps by examining Flatpak logs or system logs.

Commands to help detect potential exploitation attempts might include:

  • Use journalctl to review Flatpak and Yelp related logs: sudo journalctl -u flatpak -f or sudo journalctl | grep yelp
  • Monitor network traffic for unusual outbound CSS resource requests from Yelp processes, for example using tcpdump or Wireshark filtering on Yelp's network activity.
  • Check for unexpected Yelp processes running with commands like: ps aux | grep yelp

Since the vulnerability involves crafted help files loaded via the OpenURI portal, auditing Flatpak applications that use this portal and verifying their permissions can also help detect potential exploitation.

Mitigation Strategies

Immediate mitigation steps include restricting or disabling the use of the org.freedesktop.portal.OpenURI portal for Flatpak applications to prevent them from opening help files via Yelp without user interaction.

Updating Yelp and yelp-xsl components to versions that fix the overly permissive Content Security Policy (CSP) is critical.

Additionally, applying any available security patches from your Linux distribution or Flatpak maintainers that address this vulnerability should be prioritized.

As a temporary measure, consider limiting network access for Yelp processes to prevent exfiltration of sensitive files via remote CSS resource requests.

Review and audit installed Flatpak applications for untrusted or suspicious apps that could exploit this vulnerability.
