A vulnerability described as critical has been identified in activitypub_federation. Impacted is the function v4_is_invalid. Executing a manipulation can lead to server-side request forgery.

This vulnerability is tracked as CVE-2026-33693. The attack can be launched remotely. No exploit exists.

Upgrading the affected component is recommended.