Product
An unauthenticated, network-accessible Server-Side Request Forgery (SSRF) vulnerability, identified as CVE-2026-63088, exists in stoatchat versions prior to 0.14.0, allowing attackers to bypass DNS-based IP blocklists by exploiting incomplete address validation, potentially leading to unauthorized access to internal network resources.