Yay, the fix works! Thanks Cohost team for the hard work tracking down the bug. I can upload images directly now instead of having to tag them manually in the post body.
However, as described in the latest patch notes, I'm not actually using the Phishing URL Blocklist in my own ublock origin config, so whatever route the images were taking that was getting intercepted on the way out is still contained in this list at least.