CVE-2026-13601

HIGH

Yelp yelp-xsl - Host File Disclosure via Flatpak OpenURI

Title source: manual
STIX 2.1

Description

A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document, attacker-controlled content can bypass Flatpak's intended sandbox isolation, allowing Yelp to evaluate local XML inclusions and disclose arbitrary user-readable host files through remote CSS resource requests. This may result in the unauthorized disclosure of sensitive information.

Scores

CVSS v3 7.1
EPSS 0.0012
EPSS Percentile 2.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-693
Status published
Products (10)
gnome/yelp < 49.1
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
Red Hat/Red Hat Enterprise Linux 9
redhat/enterprise_linux 6.0
redhat/enterprise_linux 7.0
redhat/enterprise_linux 8.0
redhat/enterprise_linux 9.0
Published Jun 29, 2026
Tracked Since Jun 29, 2026