The code point 254 is valid UTF-8 but its not valid in urlencoding. Probably a bit pedantic given it doesn’t solve your problem. But there are potentially other issues if you are receiving invalid URLs.
I’m sure someone more knowledgable than I will answer the question you actually asked
If your tests are failing with that error, you might need to show us your tests, then we might be able to fix them with you.
As @kip already said, if you currently rely on receiving malformed data, then you should probably fix your receiver and tell your providers to send in the data correctly specified/escaped.
This external system sends invalid requests. Even though the byte 254 might be valid UCS2, it is not valid in a query string and has to be escaped as %FE.
Please file a bug upstream, while they fix it, you can use your temporary workaround.
PS, the example input you have shown does not even contain that byte.