CVE-2026-13601 HIGH

CVE-2026-13601: Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclosure from flatpak applications

Vendor Red Hat
Product Red Hat Enterprise Linux 6
Weakness CWE-693
Published June 29, 2026
Last update June 30, 2026

CVSS base score

7.1/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Scope Changed
Confidentiality High
Integrity None
Availability None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

Description

A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document, attacker-controlled content can bypass Flatpak's intended sandbox isolation, allowing Yelp to evaluate local XML inclusions and disclose arbitrary user-readable host files through remote CSS resource requests. This may result in the unauthorized disclosure of sensitive information.

Key dates

Disclosure timeline

June 29, 2026 CVE published
June 30, 2026 Record updated