CVE-2026-13601 Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclosure from flatpak applications

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

OESA-2026-2182 xdg-desktop-portal security update

xdg-desktop-portal works by exposing a series of D-Bus interfaces known as portals under a well-known name org.freedesktop.portal.Desktop and object path /org/freedesktop/portal/desktop. The portal interfaces include APIs for file access, opening URIs, printing and others. Security Fixes: Flatpak...

XDG Desktop Portal 安全漏洞

XDG Desktop Portal is a frontend service for the desktop application sandbox environment developed by Flatpak. Versions of XDG Desktop Portal prior to 1.20.4 and 1.21.1 contained security vulnerabilities. These vulnerabilities stemmed from the possibility for any Flatpak application to manipulate...