eval.blog

FILTER_VALIDATE_URL bypass in PHP 8

Identified a vulnerability in PHP's FILTER_VALIDATE_URL filter: a bypass that allowed an invalid URL to pass validation. Specifically, the URL https://example.com:\@test.com/ was incorrectly accepted as valid, potentially leading to security risks such as misinterpretation of the host.
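A defensive wrapper around the filter, as an added example that is not code from the original post: it rejects backslashes and userinfo before trusting the parsed host, so the result does not depend on how FILTER_VALIDATE_URL treats the URL above. The function name strict_url_host and the ALLOWED_HOSTS list are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist for this example; replace with the hosts your application trusts.
const ALLOWED_HOSTS = ['example.com'];

/**
 * Returns the lowercased host if $url passes every check, or null otherwise.
 * FILTER_VALIDATE_URL is kept as a first gate but is not trusted on its own.
 */
function strict_url_host(string $url): ?string
{
    // Reject backslashes, whitespace and control characters up front: a raw
    // backslash is not valid in an RFC 3986 URL, and parsers disagree on
    // whether it ends the authority component.
    if (preg_match('/[\\\\\s\x00-\x1f\x7f]/', $url)) {
        return null;
    }
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    // Refuse userinfo ("user:pass@host"): it is what makes the real host ambiguous.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }
    $host = strtolower($parts['host']);
    return in_array($host, ALLOWED_HOSTS, true) ? $host : null;
}

// Constructed sample inputs; the second is the URL from the post.
$samples = [
    'https://example.com/path',
    'https://example.com:\@test.com/',
    'https://user@example.com/',
    'https://test.com/',
];
foreach ($samples as $u) {
    printf("%-35s => %s\n", $u, strict_url_host($u) ?? 'rejected');
}
```

Only the first sample is accepted; the URL from the post is rejected by the backslash check before the filter or the parser is consulted.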

References: