CVE-2026-13601

Public on 2026-06-29
Modified on 2026-07-01
Description
A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document, attacker-controlled content can bypass Flatpak's intended sandbox isolation, allowing Yelp to evaluate local XML inclusions and disclose arbitrary user-readable host files through remote CSS resource requests. This may result in the unauthorized disclosure of sensitive information.
Severity
Important
CVSS v3 Base Score
7.1

Affected Packages

Platform               Package     Release Date  Advisory  Status
Amazon Linux 2 - Core  yelp        -             -         Pending Fix
Amazon Linux 2 - Core  yelp-tools  -             -         Not Affected
Amazon Linux 2023      yelp-tools  -             -         Not Affected
Amazon Linux 2 - Core  yelp-xsl    -             -         Not Affected
Amazon Linux 2023      yelp-xsl    -             -         Not Affected

CVSS Scores

Score Type           Score  Vector
Amazon Linux CVSSv3  7.1    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N