CVE-2026-13601

Source
https://cve.org/CVERecord?id=CVE-2026-13601
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-13601.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-13601
Downstream
Published
2026-06-29T09:20:40.865Z
Modified
2026-07-09T04:01:31.053610058Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
Summary
Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclosure from flatpak applications
Details

A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document, attacker-controlled content can bypass Flatpak's intended sandbox isolation, allowing Yelp to evaluate local XML inclusions and disclose arbitrary user-readable host files through remote CSS resource requests. This may result in the unauthorized disclosure of sensitive information.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/13xxx/CVE-2026-13601.json",
    "cwe_ids": [
        "CWE-693"
    ],
    "cna_assigner": "redhat"
}
References

Affected packages

Git / github.com/gnome/yelp

Affected ranges

Type
GIT
Repo
https://github.com/gnome/yelp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:gnome:yelp:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "49.1"
        }
    ]
}

Affected versions

2.*
2.27.1
2.27.2
2.27.3
2.31.1
2.31.2
2.31.6
2.31.7
2.91.10
2.91.8
2.91.9
2.91.90
2.91.91
2.91.92
3.*
3.0.0
3.0.1
3.0.2
3.1.1
3.1.2
3.1.3
3.1.4
3.10.0
3.10.1
3.11.1
3.13.3
3.13.90
3.13.92
3.14.0
3.14.1
3.15.90
3.15.91
3.16.0
3.17.2
3.17.3
3.17.4
3.17.90
3.17.91
3.18.0
3.18.1
3.19.1
3.19.90
3.19.91
3.2.0
3.20.0
3.20.1
3.21.3
3.22.0
3.25.3
3.26.0
3.27.1
3.28.0
3.28.1
3.3.1
3.3.2
3.3.3
3.3.4
3.3.92
3.30.0
3.31.90
3.32.0
3.32.1
3.32.2
3.33.92
3.34.0
3.36.0
3.37.90
3.38.0
3.38.1
3.4.0
3.4.1
3.4.2
3.5.90
3.5.91
3.5.92
3.6.0
3.6.1
3.7.3
3.7.4
3.7.90
3.8.0
3.8.1
3.9.90
3.9.91
40.*
40.0
40.2
40.beta
40.rc
41.*
41.0
41.1
41.beta
41.beta2
42.*
42.0
42.1
42.2
42.3
42.beta
49.*
49.0
49.beta
49.rc
Other
BEFORE_DROPPING_GECKO_1_7
DROOLING_MACAQUE
EAZEL-NAUTILUS-DEMO-BLESSED
EAZEL-NAUTILUS-MS-AUG07
EAZEL-NAUTILUS-MS-JUL12
EAZEL-NAUTILUS-MS-JULY_5
EAZEL_DEMO_1_ANCHOR
EAZEL_NAUTILUS_DEMO_2_ANCHOR
FOR_GNOME_0_99_1
GGV_0_61
GNOME_0_20
GNOME_0_20a
GNOME_0_25
GNOME_0_27
GNOME_0_28_MARTIN
GNOME_0_30
GNOME_0_99_2
GNOME_0_99_3
GNOME_0_99_7
GNOME_0_99_8
GNOME_0_99_8_1
GNOME_2_14_BRANCH
GNOME_2_2_BRANCHPOINT
GNOME_CORE_1_0_0_1
GNOME_CORE_1_0_1
GNOME_CORE_1_0_3
GNOME_CORE_1_0_4
GNOME_CORE_1_0_5
GNOME_CORE_1_0_6
GNOME_CORE_1_0_7
GNOME_CORE_1_0_8
GNOME_CORE_1_0_9
GNOME_CORE_1_0_ANCHOR
GNOME_CORE_1_1_0
GNOME_STABLE_ANCHOR
INSTALLER_PR3_ANCHOR
LIBGNOME_1_105_0
LIBGNOME_1_107_0
LIBGNOME_1_108_0
LIBGNOME_1_109_0
LIBGNOME_1_109_1
LIBGNOME_1_110_0
LIBGNOME_1_111_0
LIBGNOME_1_112_0
LIBGNOME_1_112_1
LIBGNOME_1_113_0
LIBGNOME_1_114_0
LIBGNOME_1_115_0
LIBGNOME_1_116_0
LIBGNOME_1_117_0
LIBGNOME_1_117_1
LIBGNOME_1_117_2
LIBGNOME_2_0_0
LIBGNOME_2_0_1
LIBGNOME_2_0_2
LIBGNOME_2_0_3
LIBGNOME_2_0_4
LIBGNOME_2_0_5
LIBGNOME_2_0_6
LIBGNOME_2_1_0
LIBGNOME_2_1_1
LIBGNOME_2_1_2
LIBGNOME_2_1_4
LIBGNOME_2_1_5
LIBGNOME_2_1_90
LIBGNOME_2_2_0
LIBGNOME_2_2_0_1
LIBGNOME_2_3_0
LIBGNOME_2_3_3
LIBGNOME_2_3_3_1
MJS_PATCHES_TO_REDHAT_PATCHES_ANCHOR
NAUTILUS-NEW-UIH-BRANCH_ANCHOR
NAUTILUS_0_1_0
NAUTILUS_0_5
NAUTILUS_0_8
NAUTILUS_0_8_2
NAUTILUS_1_0_3
NAUTILUS_1_0_4
NAUTILUS_1_0_5
NAUTILUS_1_ANCHOR
NAUTILUS_PR2_ANCHOR
NAUTILUS_PR3_ANCHOR
NAUTILUS_UIH_MERGE_BASE
PANTING_CHIMPANZEE
POST_1_0_MERGE
PRE_1_0_MERGE
PRE_PANEL2
RAK_SOUNDVIEW_ANCHOR
REDHAT_MERGE_BRANCHPOINT
REDHAT_OUTSTANDING_PATCHES_BRANCHPOINT
V0_1
YELP_0_10
YELP_0_2
YELP_0_2_1
YELP_0_3
YELP_0_4
YELP_0_5
YELP_0_6
YELP_0_6_1
YELP_0_7
YELP_0_8
YELP_0_9
YELP_0_9_1
YELP_1_0
YELP_1_0_1
YELP_1_0_2
YELP_1_0_3
YELP_1_0_4
YELP_1_0_5
YELP_1_0_6
YELP_2_10_0
YELP_2_11_1
YELP_2_11_92
YELP_2_12_0
YELP_2_12_1
YELP_2_13_1
YELP_2_13_2
YELP_2_13_3
YELP_2_13_4
YELP_2_13_5
YELP_2_13_6
YELP_2_14_0
YELP_2_15_1
YELP_2_15_2
YELP_2_15_3
YELP_2_15_4
YELP_2_15_5
YELP_2_15_91
YELP_2_16_0
YELP_2_16_1
YELP_2_16_2
YELP_2_18_0
YELP_2_18_1
YELP_2_19_1
YELP_2_19_90
YELP_2_1_0
YELP_2_1_2
YELP_2_1_3
YELP_2_1_4
YELP_2_1_5
YELP_2_20_0
YELP_2_21_1
YELP_2_21_2
YELP_2_21_90
YELP_2_22_0
YELP_2_22_1
YELP_2_23_1
YELP_2_23_2
YELP_2_23_91
YELP_2_24_0
YELP_2_25_1
YELP_2_26_0
YELP_2_3_0
YELP_2_3_3
YELP_2_3_4
YELP_2_3_6
YELP_2_5_0
YELP_2_5_1
YELP_2_5_2
YELP_2_5_2_1
YELP_2_5_3
YELP_2_5_4
YELP_2_5_5
YELP_2_5_6
YELP_2_5_90
YELP_2_5_91
YELP_2_6_0
YELP_2_9_1
YELP_2_9_2
YELP_2_9_3
YELP_DOCUMENT_BRANCHPOINT
before-trilobite-move
before_GNOME_2_0
mjs_pre_great_renaming
nautilus_ms_may_31

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-13601.json"

Git / gitlab.gnome.org/gnome/yelp

Affected ranges

Type
GIT
Repo
https://gitlab.gnome.org/gnome/yelp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:gnome:yelp:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "49.1"
        }
    ]
}

Affected versions

2.*
2.27.1
2.27.2
2.27.3
2.31.1
2.31.2
2.31.6
2.31.7
2.91.10
2.91.8
2.91.9
2.91.90
2.91.91
2.91.92
3.*
3.0.0
3.0.1
3.0.2
3.1.1
3.1.2
3.1.3
3.1.4
3.10.0
3.10.1
3.11.1
3.13.3
3.13.90
3.13.92
3.14.0
3.14.1
3.15.90
3.15.91
3.16.0
3.17.2
3.17.3
3.17.4
3.17.90
3.17.91
3.18.0
3.18.1
3.19.1
3.19.90
3.19.91
3.2.0
3.20.0
3.20.1
3.21.3
3.22.0
3.25.3
3.26.0
3.27.1
3.28.0
3.28.1
3.3.1
3.3.2
3.3.3
3.3.4
3.3.92
3.30.0
3.31.90
3.32.0
3.32.1
3.32.2
3.33.92
3.34.0
3.36.0
3.37.90
3.38.0
3.38.1
3.4.0
3.4.1
3.4.2
3.5.90
3.5.91
3.5.92
3.6.0
3.6.1
3.7.3
3.7.4
3.7.90
3.8.0
3.8.1
3.9.90
3.9.91
40.*
40.0
40.2
40.beta
40.rc
41.*
41.0
41.1
41.beta
41.beta2
42.*
42.0
42.1
42.2
42.3
42.beta
49.*
49.0
49.beta
49.rc
Other
BEFORE_DROPPING_GECKO_1_7
DROOLING_MACAQUE
EAZEL-NAUTILUS-DEMO-BLESSED
EAZEL-NAUTILUS-MS-AUG07
EAZEL-NAUTILUS-MS-JUL12
EAZEL-NAUTILUS-MS-JULY_5
EAZEL_DEMO_1_ANCHOR
EAZEL_NAUTILUS_DEMO_2_ANCHOR
FOR_GNOME_0_99_1
GGV_0_61
GNOME_0_20
GNOME_0_20a
GNOME_0_25
GNOME_0_27
GNOME_0_28_MARTIN
GNOME_0_30
GNOME_0_99_2
GNOME_0_99_3
GNOME_0_99_7
GNOME_0_99_8
GNOME_0_99_8_1
GNOME_2_14_BRANCH
GNOME_2_2_BRANCHPOINT
GNOME_CORE_1_0_0_1
GNOME_CORE_1_0_1
GNOME_CORE_1_0_3
GNOME_CORE_1_0_4
GNOME_CORE_1_0_5
GNOME_CORE_1_0_6
GNOME_CORE_1_0_7
GNOME_CORE_1_0_8
GNOME_CORE_1_0_9
GNOME_CORE_1_0_ANCHOR
GNOME_CORE_1_1_0
GNOME_STABLE_ANCHOR
INSTALLER_PR3_ANCHOR
LIBGNOME_1_105_0
LIBGNOME_1_107_0
LIBGNOME_1_108_0
LIBGNOME_1_109_0
LIBGNOME_1_109_1
LIBGNOME_1_110_0
LIBGNOME_1_111_0
LIBGNOME_1_112_0
LIBGNOME_1_112_1
LIBGNOME_1_113_0
LIBGNOME_1_114_0
LIBGNOME_1_115_0
LIBGNOME_1_116_0
LIBGNOME_1_117_0
LIBGNOME_1_117_1
LIBGNOME_1_117_2
LIBGNOME_2_0_0
LIBGNOME_2_0_1
LIBGNOME_2_0_2
LIBGNOME_2_0_3
LIBGNOME_2_0_4
LIBGNOME_2_0_5
LIBGNOME_2_0_6
LIBGNOME_2_1_0
LIBGNOME_2_1_1
LIBGNOME_2_1_2
LIBGNOME_2_1_4
LIBGNOME_2_1_5
LIBGNOME_2_1_90
LIBGNOME_2_2_0
LIBGNOME_2_2_0_1
LIBGNOME_2_3_0
LIBGNOME_2_3_3
LIBGNOME_2_3_3_1
MJS_PATCHES_TO_REDHAT_PATCHES_ANCHOR
NAUTILUS-NEW-UIH-BRANCH_ANCHOR
NAUTILUS_0_1_0
NAUTILUS_0_5
NAUTILUS_0_8
NAUTILUS_0_8_2
NAUTILUS_1_0_3
NAUTILUS_1_0_4
NAUTILUS_1_0_5
NAUTILUS_1_ANCHOR
NAUTILUS_PR2_ANCHOR
NAUTILUS_PR3_ANCHOR
NAUTILUS_UIH_MERGE_BASE
PANTING_CHIMPANZEE
POST_1_0_MERGE
PRE_1_0_MERGE
PRE_PANEL2
RAK_SOUNDVIEW_ANCHOR
REDHAT_MERGE_BRANCHPOINT
REDHAT_OUTSTANDING_PATCHES_BRANCHPOINT
V0_1
YELP_0_10
YELP_0_2
YELP_0_2_1
YELP_0_3
YELP_0_4
YELP_0_5
YELP_0_6
YELP_0_6_1
YELP_0_7
YELP_0_8
YELP_0_9
YELP_0_9_1
YELP_1_0
YELP_1_0_1
YELP_1_0_2
YELP_1_0_3
YELP_1_0_4
YELP_1_0_5
YELP_1_0_6
YELP_2_10_0
YELP_2_11_1
YELP_2_11_92
YELP_2_12_0
YELP_2_12_1
YELP_2_13_1
YELP_2_13_2
YELP_2_13_3
YELP_2_13_4
YELP_2_13_5
YELP_2_13_6
YELP_2_14_0
YELP_2_15_1
YELP_2_15_2
YELP_2_15_3
YELP_2_15_4
YELP_2_15_5
YELP_2_15_91
YELP_2_16_0
YELP_2_16_1
YELP_2_16_2
YELP_2_18_0
YELP_2_18_1
YELP_2_19_1
YELP_2_19_90
YELP_2_1_0
YELP_2_1_2
YELP_2_1_3
YELP_2_1_4
YELP_2_1_5
YELP_2_20_0
YELP_2_21_1
YELP_2_21_2
YELP_2_21_90
YELP_2_22_0
YELP_2_22_1
YELP_2_23_1
YELP_2_23_2
YELP_2_23_91
YELP_2_24_0
YELP_2_25_1
YELP_2_26_0
YELP_2_3_0
YELP_2_3_3
YELP_2_3_4
YELP_2_3_6
YELP_2_5_0
YELP_2_5_1
YELP_2_5_2
YELP_2_5_2_1
YELP_2_5_3
YELP_2_5_4
YELP_2_5_5
YELP_2_5_6
YELP_2_5_90
YELP_2_5_91
YELP_2_6_0
YELP_2_9_1
YELP_2_9_2
YELP_2_9_3
YELP_DOCUMENT_BRANCHPOINT
before-trilobite-move
before_GNOME_2_0
mjs_pre_great_renaming
nautilus_ms_may_31

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-13601.json"