← All CVEs

CVE-2026-13601

HIGH 7.1

Published 2026-06-29 · Last modified 2026-06-30

A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document, attacker-controlled content can bypass Flatpak's intended sandbox isolation, allowing Yelp to evaluate local XML inclusions and disclose arbitrary user-readable host files through remote CSS resource requests. This may result in the unauthorized disclosure of sensitive information.

ELEVATED IMPACT

Severe if exploited (CVSS 7.1), but no known exploitation and low modeled probability. Patch on a normal cadence.

Exploitation likelihood

0.1%chance of exploitation in 30 days · 4th percentile

○ In CISA KEV ○ Public exploit / PoC

Impact if exploited

7.1CVSS 3.1 · HIGH

  • ConfidentialityHigh
  • IntegrityNone
  • AvailabilityNone

What an attacker needs

  • Access: Requires local access to the host
  • Privileges: No account or privileges required
  • User interaction: No user interaction needed
  • Complexity: No special conditions — reliably repeatable

✓ lowers the bar for an attacker · ⚠ raises it

Affected

Vendors Red Hat

Products Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9

Weakness (CWE)

  • CWE-693

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Sources: NVD · CVE.org · EPSS