A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document, attacker-controlled content can bypass Flatpak's intended sandbox isolation, allowing Yelp to evaluate local XML inclusions and disclose arbitrary user-readable host files through remote CSS resource requests. This may result in the unauthorized disclosure of sensitive information.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
CVE-2026-13601 represents a critical sandbox escape vulnerability in Yelp stemming from an overly permissive Content Security Policy (CSP) implementation. By combining multiple weaknesses—insufficient CSP restrictions, SVG parsing vulnerabilities, and Flatpak sandbox misconfiguration—an attacker can craft malicious help content that embeds untrusted CSS stylesheets. When processed by Yelp through the OpenURI portal, this enables local XML inclusion attacks and arbitrary file disclosure. While MITRE ATT&CK mapping is unavailable for this CVE, the attack chain involves credential access techniques (T1552: Unsecured Credentials) through file disclosure and defense evasion (T1036: Masquerading) via CSS obfuscation. Organizations deploying Yelp in restricted environments—particularly those relying on Flatpak sandboxing for security—face immediate risk of local data exfiltration and host file access.
Casky's extended reasoning capabilities would detect this vulnerability pattern by analyzing the intersection of web security misconfigurations and sandbox escape indicators. Practitioners would observe findings related to improper implementation of client-side controls (CWE-693), where CSP directives fail to restrict stylesheet sources adequately. Advanced detection would flag the multi-stage attack chain: identifying OpenURI portal invocations with untrusted content sources, detecting SVG documents containing external resource references, and correlating unusual CSS resource requests to local file paths. While MITRE technique mapping is limited here, Casky would correlate this with broader defense evasion and data exfiltration patterns, allowing security teams to implement compensating controls such as strict CSP policies, SVG sanitization, and enhanced Flatpak sandbox configuration audits.
Composite risk scoring from EPSS, CISA KEV, Shodan, and GreyNoise — 21 security APIs correlated into a single Casky Risk Score. Coming in Casky Pro. Join early access →
Casky has 0 skills that investigate the attack patterns behind CVE-2026-13601. Run one and get CVSS-scored findings in 3 minutes.
Run the skill that detects this →© 2026 Casky.AI, Inc. · AI Security Investigation