it looks like there is a bug in autocomplete. When it constructs a hit to a facet that contains a &, the & is not urlencoded (into %26), which currently just breaks the link. However this might have further security implications I cannot oversee, as obvisouly the remaining part of the facet value is now interpreted as a separate URL part.
Example: Go to www.bobbie.de, and put Godelmann in the search box. You will get results with products, no categories and at the bottom also the full vendor (“Hersteller”) name, “Godelmann Gmbh & Co. KG”. This link goes to https://www.bobbie.de/catalogsearch/result/?q=Godelmann%20GmbH%20&%20Co.%20KG&refinement_key=udropship_vendor
Which should in fact be