A vulnerability has been found in stoatchat up to 0.13.x and classified as critical. This affects the function
url_is_blacklisted. This manipulation causes server-side request forgery.
This vulnerability is registered as CVE-2026-63088. Remote exploitation of the attack is possible. No exploit is available.