diff --git a/internal/forgejo/client.go b/internal/forgejo/client.go
index 14b5a6a..69dd7fe 100644
--- a/internal/forgejo/client.go
+++ b/internal/forgejo/client.go
@@ -868,7 +868,20 @@ func (c *Client) GetAttachmentURL(apiURL string) (string, error) {
 }
 
 // ProxyDownload fetches a file from the given Forgejo URL with authentication and streams it back.
+// The URL host must match the configured Forgejo base URL to prevent SSRF.
 func (c *Client) ProxyDownload(downloadURL string) (*http.Response, error) {
+	parsed, err := url.Parse(downloadURL)
+	if err != nil {
+		return nil, fmt.Errorf("invalid download URL: %w", err)
+	}
+	base, err := url.Parse(c.baseURL)
+	if err != nil {
+		return nil, fmt.Errorf("invalid base URL: %w", err)
+	}
+	if parsed.Host != base.Host {
+		return nil, fmt.Errorf("download URL host %q does not match Forgejo host %q", parsed.Host, base.Host)
+	}
+
 	httpReq, err := http.NewRequest("GET", downloadURL, nil)
 	if err != nil {
 		return nil, err
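Review bot: The new guard compares only `parsed.Host` against `base.Host`, so a caller-supplied `http://` URL for the same host still passes and the authenticated request (the header is added further down, outside this hunk) would be sent in cleartext — a downgrade rather than an SSRF, but the same token leaks. Tighten the check to `if parsed.Scheme != base.Scheme || parsed.Host != base.Host {` and mention the scheme in the error, and consider also rejecting an empty `parsed.Host` explicitly so a relative URL cannot slip through when `c.baseURL` is misconfigured to a bare path. Note that `url.Host` is compared byte-for-byte, so `host` and `host:443` are treated as different even when they resolve identically; that fails closed, which is acceptable, but worth a comment. Whether the underlying client follows redirects off-host with the auth header still attached is not visible here — ProxyDownload's body continues outside the hunk — so that is worth confirming separately.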