CVE Catalog

CVE-2026-13601

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile — higher than 4% of all known CVEs

Summary

A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) in yelp-xsl. A malicious Flatpak application can open crafted help content via the OpenURI portal, embedding an untrusted CSS stylesheet within a structured SVG document to bypass Flatpak's sandbox isolation and disclose arbitrary user-readable host files through remote CSS resource requests.

Risk Assessment

The risk involves unauthorized disclosure of sensitive information from the host filesystem, such as configuration files, credentials, or other sensitive data accessible to the user.

Recommendation

Update yelp-xsl to a version with a tightened CSP and consider restricting Flatpak application permissions to open help content.

Original NVD description (English source)

A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document, attacker-controlled content can bypass Flatpak's intended sandbox isolation, allowing Yelp to evaluate local XML inclusions and disclose arbitrary user-readable host files through remote CSS resource requests. This may result in the unauthorized disclosure of sensitive information.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS