The following tag(s) are not allowed: img [] [] after Magento upgrade

Looks like this was only fixed on the 2.4.x branch and will be available in the 2.4.2 release

For those on 2.3 branch I rolled a patch against 2.3.6 if anyone wants to give that a try

add this to your composer.json

        "magento/module-sales": {
            "[Remove in 2.4.2] Fixed issue with critical error: The following tag(s) are not allowed": "https://gist.githubusercontent.com/jordanvector/524a39a6bb201bb2a82639c490f5bacd/raw/af439647fc97b6c14f210755f66b41b49650e8de/2.3.6-Fixed-issue-with-critical-error-The-following-tags.patch"
        }

I have the same issue, I have identified that it is caused by a registered customer viewing their order

A similar issue to https://github.com/magento/magento2/issues/25738 as @Jared Chu says but the solution for that issue doesn't work for this one

I don't have a solution for this but I may have some hints on how to debug this.
The error is logged in the method MagentoFrameworkEscaper::filterProhibitedTags(): https://github.com/magento/magento2/blob/2.3.5-p1/lib/internal/Magento/Framework/Escaper.php#L456
This private method is called by the escapeHtml method from the same class.
So this means that there is a call somewhere to $block->escapeHtml($something) where the parameter ($something in my example) contains an <img> tag and it is not allowed.

you can try to log the stacktrace of the error also.
A quick and dirty way of doing it, if you can reproduce this on a dev or staging environment (I don't recommend it for a live environment) is to replace the line mentioned above

$this->getLogger()->critical(
    'The following tag(s) are not allowed: ' . implode(', ', $notAllowedTags)
);

with

try {
    throw new Exception()
} catch (Exception $e) {
    $this->getLogger()->critical(
        'The following tag(s) are not allowed: ' . implode(', ', $notAllowedTags) . ' Trace: '. $e->getTraceAsString();
    );
}