I'm a pentester and security consultant. From my point of view, this vulnerability has more impact than just a resource leak or DOS. We all know how often CSAM or other illegal material is uploaded to communities here as actual posts (where hundreds of viewers run into it to report it). Now imagine them uploading it and spreading it like this, and only the admin can catch it if they goes out of their way to check it?
I wouldn't call this a high risk issue for sure. But a significant security risk regardless.
Sounds like a typical layer 8 issue to me ๐ค