A vulnerability was found in kLOsk adloop up to 0.9.0. It has been rated as critical. This vulnerability affects the function _validate_urls of the file src/adloop/ads/write.py. Performing a manipulation of the argument final_url results in server-side request forgery.

This vulnerability was named CVE-2026-15525. The attack may be initiated remotely. In addition, an exploit is available.

Upgrading the affected component is advised.