If this is something you can actually reproduce through testing then having details of how to reproduce it would be useful. In my testing it isn't possible to trigger anything like that.
We have one entry in our access log today but it looks like a bot or a spammer so it's likely some sort of automated mechanism that is just getting stuff wrong.
It's worth checking the IP addresses listed against these entries to see if they come up as a spam source or shared network device, and indeed whether they actually relate to a genuine user on your forum:
https://whatismyipaddress.com/ip/{ip}
Aside from that, some level of reproduction steps or patterns (such as specific URLs or IP addresses) might help us troubleshoot this further.
In 99,99% of all cases such broken requests are generated by dumb bots/scrapers, nothing to worry about.
We get tons of such requests, usually from China, Russia, etc. - we just filter them so they don't even reach our backend servers.