CVE-2026-13601

EUVD-2026-40066

29.06.2026, 10:16

A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document, attacker-controlled content can bypass Flatpak's intended sandbox isolation, allowing Yelp to evaluate local XML inclusions and disclose arbitrary user-readable host files through remote CSS resource requests. This may result in the unauthorized disclosure of sensitive information.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.1 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

yelp

bookworm	vulnerable
bookworm (security)	42.2-1+deb12u2 fixed
bullseye	vulnerable
bullseye (security)	3.38.3-1+deb11u2 fixed
forky	49.1-1 fixed
sid	49.1-1 fixed
trixie	vulnerable
trixie (security)	42.2-4+deb13u1 fixed

Common Weakness Enumeration

CWE-693 - Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

References

https://access.redhat.com/security/cve/CVE-2026-13601

https://blogs.gnome.org/mcatanzaro/2026/05/11/flatpak-sandbox-escape-via-yelp/

https://bugzilla.redhat.com/show_bug.cgi?id=2494110

https://gitlab.gnome.org/GNOME/yelp/-/commit/c8c8244c8a812860782d635890c9b6c43ecc2639

https://gitlab.gnome.org/GNOME/yelp/-/work_items/238