Rejected reason: After analysis, the originally reported behaviour was determined not to constitute a security vulnerability. The findings were parser-strictness defects without an exploitable framing-disagreement path in any tested deployment configuration.