CVE-2026-13601

A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document, attacker-controlled content can bypass Flatpak's intended sandbox isolation, allowing Yelp to evaluate local XML inclusions and disclose arbitrary user-readable host files through remote CSS resource requests. This may result in the unauthorized disclosure of sensitive information.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:gnome:yelp:*:*:*:*:*:*:*:*

History

08 Jul 2026, 03:36

Type Values Removed Values Added
CPE cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:yelp:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
References () https://access.redhat.com/security/cve/CVE-2026-13601 - () https://access.redhat.com/security/cve/CVE-2026-13601 - Vendor Advisory
References () https://blogs.gnome.org/mcatanzaro/2026/05/11/flatpak-sandbox-escape-via-yelp/ - () https://blogs.gnome.org/mcatanzaro/2026/05/11/flatpak-sandbox-escape-via-yelp/ - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2494110 - () https://bugzilla.redhat.com/show_bug.cgi?id=2494110 - Issue Tracking, Vendor Advisory
References () https://gitlab.gnome.org/GNOME/yelp/-/commit/c8c8244c8a812860782d635890c9b6c43ecc2639 - () https://gitlab.gnome.org/GNOME/yelp/-/commit/c8c8244c8a812860782d635890c9b6c43ecc2639 - Patch
References () https://gitlab.gnome.org/GNOME/yelp/-/work_items/238 - () https://gitlab.gnome.org/GNOME/yelp/-/work_items/238 - Issue Tracking, Mitigation, Third Party Advisory
References () https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-13601.json - () https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-13601.json - Vendor Advisory
First Time Gnome
Gnome yelp
Redhat enterprise Linux
Redhat

30 Jun 2026, 03:17

Type Values Removed Values Added
References
  • () https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-13601.json -
References () https://access.redhat.com/security/cve/CVE-2026-13601 - () https://access.redhat.com/security/cve/CVE-2026-13601 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=2494110 - () https://bugzilla.redhat.com/show_bug.cgi?id=2494110 -

29 Jun 2026, 10:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-29 10:16

Updated : 2026-07-15 02:18


NVD link : CVE-2026-13601

Mitre link : CVE-2026-13601

CVE.ORG link : CVE-2026-13601


JSON object : View

Products Affected

gnome

  • yelp

redhat

  • enterprise_linux
CWE
CWE-693

Protection Mechanism Failure