A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document, attacker-controlled content can bypass Flatpak's intended sandbox isolation, allowing Yelp to evaluate local XML inclusions and disclose arbitrary user-readable host files through remote CSS resource requests. This may result in the unauthorized disclosure of sensitive information.
References
| Link | Resource |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-13601 | Vendor Advisory |
| https://blogs.gnome.org/mcatanzaro/2026/05/11/flatpak-sandbox-escape-via-yelp/ | Third Party Advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=2494110 | Issue Tracking Vendor Advisory |
| https://gitlab.gnome.org/GNOME/yelp/-/commit/c8c8244c8a812860782d635890c9b6c43ecc2639 | Patch |
| https://gitlab.gnome.org/GNOME/yelp/-/work_items/238 | Issue Tracking Mitigation Third Party Advisory |
| https://access.redhat.com/security/cve/CVE-2026-13601 | Vendor Advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=2494110 | Issue Tracking Vendor Advisory |
| https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-13601.json | Vendor Advisory |
Configurations
History
08 Jul 2026, 03:36
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:gnome:yelp:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
|
| References | () https://access.redhat.com/security/cve/CVE-2026-13601 - Vendor Advisory | |
| References | () https://blogs.gnome.org/mcatanzaro/2026/05/11/flatpak-sandbox-escape-via-yelp/ - Third Party Advisory | |
| References | () https://bugzilla.redhat.com/show_bug.cgi?id=2494110 - Issue Tracking, Vendor Advisory | |
| References | () https://gitlab.gnome.org/GNOME/yelp/-/commit/c8c8244c8a812860782d635890c9b6c43ecc2639 - Patch | |
| References | () https://gitlab.gnome.org/GNOME/yelp/-/work_items/238 - Issue Tracking, Mitigation, Third Party Advisory | |
| References | () https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-13601.json - Vendor Advisory | |
| First Time |
Gnome
Gnome yelp Redhat enterprise Linux Redhat |
30 Jun 2026, 03:17
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
|
| References | () https://access.redhat.com/security/cve/CVE-2026-13601 - | |
| References | () https://bugzilla.redhat.com/show_bug.cgi?id=2494110 - |
29 Jun 2026, 10:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-29 10:16
Updated : 2026-07-15 02:18
NVD link : CVE-2026-13601
Mitre link : CVE-2026-13601
CVE.ORG link : CVE-2026-13601
JSON object : View
Products Affected
gnome
- yelp
redhat
- enterprise_linux
CWE
CWE-693
Protection Mechanism Failure
