This looks more like a UNC path normalization bug than the new external-link warning itself. The clue is that Windows is trying to open instead of a real network path with the server/share prefix preserved.
I’d test one hand-written link first with a proper UNC format and forward slashes, for example:
If that opens, the regression is probably in how Obsidian is generating links for dragged files on a network share, not in the security prompt. If it still fails, then I’d try the 4-slash UNC form too: because some Windows handlers are picky there.