A vulnerability was found in Koel up to 9.7.0 . It has been rated as critical . This affects an unknown part of the file /api/radio/stations of the component Radio Station Creation Endpoint . Performing a manipulation of the argument url results in server-side request forgery. This vulnerability was named CVE-2026-50552 . The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.