A vulnerability categorized as critical has been discovered in fedify-dev fedify and vocab-runtime . Affected is the function validatePublicUrl of the component URL Validation Handler . Executing a manipulation can lead to server-side request forgery. This vulnerability is handled as CVE-2026-50131 . The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.