Nixpkgs security tracker

Published

Permalink CVE-2026-13601

7.1 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Changed (C)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

updated 8 hours ago by @LeSuisse Activity log

Created suggestion 17 hours ago
@LeSuisse ignored
2 packages
- yelp
- yelp-tools
8 hours ago
@LeSuisse accepted 8 hours ago
@LeSuisse published on GitHub 8 hours ago

Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclosure from flatpak applications

A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document, attacker-controlled content can bypass Flatpak's intended sandbox isolation, allowing Yelp to evaluate local XML inclusions and disclose arbitrary user-readable host files through remote CSS resource requests. This may result in the unauthorized disclosure of sensitive information.

References

https://access.redhat.com/security/cve/CVE-2026-13601 vdb-entryx_refsource_REDHAT
https://blogs.gnome.org/mcatanzaro/2026/05/11/flatpak-sandbox-escape-via-yelp/
RHBZ#2494110 x_refsource_REDHATissue-tracking
https://gitlab.gnome.org/GNOME/yelp/-/commit/c8c8244c8a812860782d635890c9b6c43e…
https://gitlab.gnome.org/GNOME/yelp/-/work_items/238

Affected products

yelp

Matching in nixpkgs

pkgs.yelp-xsl

Yelp's universal stylesheets for Mallard and DocBook

nixos-unstable 49.0
- nixpkgs-unstable 49.0
- nixos-unstable-small 49.0
nixos-26.05 49.0
- nixos-26.05-small 49.0
- nixpkgs-26.05-darwin 49.0

Ignored packages (2)

pkgs.yelp

Help viewer for GNOME

nixos-unstable 49.0
- nixpkgs-unstable 49.0
- nixos-unstable-small 49.0
nixos-26.05 49.0
- nixos-26.05-small 49.0
- nixpkgs-26.05-darwin 49.0

pkgs.yelp-tools

Small programs that help you create, edit, manage, and publish your Mallard or DocBook documentation

nixos-unstable 42.1
- nixpkgs-unstable 42.1
- nixos-unstable-small 42.1
nixos-26.05 42.1
- nixos-26.05-small 42.1
- nixpkgs-26.05-darwin 42.1

Package maintainers

@bobby285271 Bobby Rong <rjl931189261@126.com>
@jtojnar Jan Tojnar <jtojnar@gmail.com>

Suggestions search