Product
A high-severity vulnerability, CVE-2026-50288, in the `@asymmetric-effort/specifyjs` npm package (versions prior to 0.2.136) allows for the silent bypass of HTTPS validation by mishandling URL parse errors in the `assertSecureUrl` function, which can lead to Server-Side Request Forgery (SSRF).