A vulnerability has been found in stoatchat up to 0.13.x and classified as critical. This affects the function url_is_blacklisted. This manipulation causes server-side request forgery.

This vulnerability is registered as CVE-2026-63088. Remote exploitation of the attack is possible. No exploit is available.