[MEDIUM] Host confusion via authority reinterpretation

PKSA-jj5t-2zs1-dcfm CVE-2026-48998 GHSA-34xg-wgjx-8xph

Affected package: guzzlehttp/psr7

Affected version: <2.10.2

Reported by:
GitHub, FriendsOfPHP/security-advisories