A vulnerability was found in kLOsk adloop up to 0.9.0. It has been rated as critical. This vulnerability affects the function
_validate_urls of the file src/adloop/ads/write.py. Performing a manipulation of the argument final_url results in server-side request forgery.
This vulnerability was named CVE-2026-15525. The attack may be initiated remotely. In addition, an exploit is available.
Upgrading the affected component is advised.