# SCAN: stable-diffusion-webui (AUTOMATIC1111/stable-diffusion-webui)

Date: 2026-02-15
Target: AUTOMATIC1111/stable-diffusion-webui
Local commit: 82a973c04367123ae98bd9abdf80d9eda9b910e2

## Summary

Two SSRF candidates were captured as ALMOST_REPORT drafts and need hands-on confirmation in a realistic deployment:

1. Extensions tab SSRF: `modules/ui_extensions.py:refresh_available_extensions()` performs `urllib.request.urlopen(url)` on a user-provided URL without calling `check_access()`. This appears to bypass the intended "disable extension access when non-local" control and enables blind SSRF if the Gradio UI is remotely reachable.
2. API image URL SSRF: `modules/api/api.py:decode_base64_to_image()` calls `requests.get()` after `verify_url()`, but `verify_url()` is applied only to the URL the client supplied. `requests.get()` follows redirects by default (`allow_redirects=True`), so a redirect from an allowed public host to an internal address is never re-validated, enabling a redirect-based SSRF bypass.

## Artifacts

- reports/sdwebui-SSRF-2026-02-13.md
- reports/sdwebui-SSRF-redirect-2026-02-13.md

## Notes / Next Validation Steps

- Confirm how errors from `refresh_available_extensions` are surfaced to the UI (blind vs reflected SSRF, any content leakage).
- Confirm exploitability when started with `--listen` and without `--enable-insecure-extension-access`:
  - Validate the Extensions tab is rendered.
  - Validate the "Load from" click actually executes the backend function and performs outbound requests.
- For API redirect SSRF, confirm:
  - default values of `opts.api_enable_requests` and `opts.api_forbid_local_requests` for the version under test.
  - whether `requests.get()` follows redirects in this codepath (the library default is `allow_redirects=True`; check that nothing at the call site overrides it).
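The redirect bypass in candidate 2 exists because the host check runs once, before the first request, and the HTTP library then silently follows `Location` to a host that was never checked. The block below is an added example written for this note, not code from AUTOMATIC1111/stable-diffusion-webui: it shows the fix pattern a report would recommend, namely fetching with redirects disabled and re-validating every hop before it is requested. The function names (`url_is_global`, `fetch_with_checked_redirects`), the `send`/`resolve` injection points, and the DNS and response fixtures are all this example's own constructions so it runs offline; `requests_send` is the only piece that touches the network and is not used by the demo.

```python
# Added example (not code from AUTOMATIC1111/stable-diffusion-webui).
# Hardened URL fetch that re-validates every redirect hop instead of
# checking only the URL the client supplied. All names below are this
# example's own; the fixtures at the bottom are constructed, not real hosts.
import ipaddress
import socket
from urllib.parse import urljoin, urlparse

REDIRECT_STATUSES = {301, 302, 303, 307, 308}


class BlockedRequest(Exception):
    """Raised when any hop of the fetch would reach a non-global address."""


def url_is_global(url, resolve=socket.gethostbyname_ex):
    """True only for http(s) URLs whose host resolves solely to global IPs.

    `resolve` is injectable so the check can be exercised without DNS.
    Any parse or resolution failure is treated as 'not global' (fail closed).
    """
    try:
        parsed = urlparse(url)
        if parsed.scheme not in ("http", "https") or not parsed.hostname:
            return False
        _, _, addrs = resolve(parsed.hostname)
        return bool(addrs) and all(ipaddress.ip_address(a).is_global for a in addrs)
    except Exception:
        return False


def fetch_with_checked_redirects(url, send, resolve=socket.gethostbyname_ex, max_redirects=5):
    """Fetch `url`, following redirects by hand and validating each target.

    `send(url)` must perform ONE request with redirect-following disabled and
    return (status, headers, body). Returns (final_url, status, body).
    """
    current = url
    for hop in range(max_redirects + 1):
        if not url_is_global(current, resolve):
            raise BlockedRequest(f"hop {hop}: {current} is not a global address")
        status, headers, body = send(current)
        if status not in REDIRECT_STATUSES:
            return current, status, body
        location = {k.lower(): v for k, v in headers.items()}.get("location")
        if not location:
            raise BlockedRequest(f"hop {hop}: redirect without Location header")
        current = urljoin(current, location)  # relative Location stays on the same host
    raise BlockedRequest(f"more than {max_redirects} redirects")


def fetch_outcome(url, send, resolve):
    """Convenience wrapper: 'allowed <status> <final_url>' or 'blocked: <reason>'."""
    try:
        final_url, status, _ = fetch_with_checked_redirects(url, send, resolve)
        return f"allowed {status} {final_url}"
    except BlockedRequest as exc:
        return f"blocked: {exc}"


def requests_send(url, timeout=30):
    """Real single-hop sender using requests (import deferred so this module
    loads without it). allow_redirects=False is the whole point."""
    import requests
    resp = requests.get(url, timeout=timeout, allow_redirects=False)
    return resp.status_code, resp.headers, resp.content


# --- Constructed offline fixtures (not real hosts or responses) --------------
FAKE_DNS = {"cdn.example": ["8.8.8.8"]}  # stand-in for a public image host


def constructed_resolve(host):
    """Mimics socket.gethostbyname_ex: IP literals resolve to themselves,
    names in FAKE_DNS resolve from the table, anything else fails."""
    try:
        ipaddress.ip_address(host)
        return host, [], [host]
    except ValueError:
        if host in FAKE_DNS:
            return host, [], FAKE_DNS[host]
        raise socket.gaierror(f"constructed: unknown host {host}")


FAKE_RESPONSES = {
    "http://cdn.example/ok.png": (200, {}, b"\x89PNG\r\n\x1a\n"),
    # open redirect on the public host pointing at the cloud metadata service
    "http://cdn.example/img.png": (302, {"Location": "http://169.254.169.254/latest/meta-data/"}, b""),
    # redirect loop
    "http://cdn.example/loop": (302, {"Location": "/loop"}, b""),
}


def constructed_send(url):
    """Single-hop sender over the fixture table; never touches the network."""
    if url not in FAKE_RESPONSES:
        raise AssertionError(f"constructed: request reached unexpected URL {url}")
    return FAKE_RESPONSES[url]


if __name__ == "__main__":
    for target in FAKE_RESPONSES:
        print(target, "->", fetch_outcome(target, constructed_send, constructed_resolve))
```

Running the demo shows the point of the finding: `url_is_global("http://cdn.example/img.png")` passes, exactly as a one-shot `verify_url()` would, yet the fetch is blocked at hop 1 because the redirect target resolves to the link-local metadata address and is never requested (the fixture sender would raise if it were). A resolve-then-connect check of this kind is still subject to DNS rebinding between the check and the connection; pinning the connection to the resolved address closes that gap but is outside what this note covers.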