CVE-2024-11045 Overview
A Cross-Site WebSocket Hijacking (CSWSH) vulnerability has been identified in automatic1111/stable-diffusion-webui version 1.10.0. This vulnerability allows attackers to hijack WebSocket connections and perform unauthorized actions on the server, including cloning malicious server extensions from GitHub repositories. The flaw stems from improper validation of WebSocket connections at ws://127.0.0.1:7860/queue/join, enabling attackers to execute unauthorized operations when a user visits a malicious website.
Critical Impact
Attackers can exploit this vulnerability to clone malicious server extensions, execute arbitrary scripts, exfiltrate sensitive data, and potentially cause denial of service on affected Stable Diffusion WebUI installations.
Affected Products
- automatic1111 stable-diffusion-webui version 1.10.0
Discovery Timeline
- 2025-03-20 - CVE CVE-2024-11045 published to NVD
- 2025-08-05 - Last updated in NVD database
Technical Details for CVE-2024-11045
Vulnerability Analysis
This Cross-Site WebSocket Hijacking vulnerability exploits the lack of origin validation on WebSocket connections in Stable Diffusion WebUI. WebSocket connections, unlike standard HTTP requests, can bypass Same-Origin Policy protections if not properly implemented. In this case, the vulnerable endpoint at ws://127.0.0.1:7860/queue/join accepts connections without verifying the origin of the request.
When a victim visits a malicious website while running Stable Diffusion WebUI locally, the attacker's JavaScript code can establish a WebSocket connection to the victim's local instance. Since the WebSocket endpoint doesn't validate the connection origin, the attacker gains the ability to send commands to the server as if they were the legitimate user.
The vulnerability is particularly dangerous because it targets a locally-running application that users typically assume is protected from external attacks. The attack chain can lead to unauthorized installation of malicious extensions, which may contain backdoors or cryptocurrency miners.
Root Cause
The root cause of CVE-2024-11045 is improper origin validation (CWE-346) and improper access control (CWE-284) on the WebSocket endpoint. The application fails to verify that WebSocket connection requests originate from trusted sources, allowing cross-origin requests from any website. This design flaw enables attackers to leverage a victim's browser as a proxy to interact with the locally-running Stable Diffusion WebUI instance.
Attack Vector
The attack requires user interaction where the victim must visit a malicious webpage while running Stable Diffusion WebUI locally. The attack flow proceeds as follows:
- Attacker creates a malicious webpage containing JavaScript that attempts to connect to ws://127.0.0.1:7860/queue/join
- Victim visits the malicious webpage while Stable Diffusion WebUI is running
- The attacker's JavaScript establishes a WebSocket connection to the victim's local instance
- Through the hijacked WebSocket, the attacker can queue malicious commands, including cloning extensions from attacker-controlled GitHub repositories
- Malicious extensions may execute arbitrary code, exfiltrate data, or cause denial of service
The attack leverages the network-accessible nature of locally bound services when combined with browser-based exploitation techniques. For detailed technical information, see the Huntr Bounty Report.
Detection Methods for CVE-2024-11045
Indicators of Compromise
- Unexpected WebSocket connections to port 7860 from browser processes
- Newly installed extensions in the Stable Diffusion WebUI extensions directory that were not manually added
- Unusual GitHub repository cloning activity initiated by the WebUI process
- Network traffic to unknown GitHub repositories from the WebUI server process
Detection Strategies
- Monitor WebSocket connection logs for connections originating from unexpected referrer domains
- Implement file integrity monitoring on the extensions directory to detect unauthorized additions
- Review browser console logs for WebSocket connection attempts to localhost services
- Deploy endpoint detection solutions to identify suspicious process spawning from the WebUI application
Monitoring Recommendations
- Configure logging to capture all WebSocket connection attempts including origin headers
- Set up alerts for new extension installations or repository cloning operations
- Monitor outbound network connections from the Stable Diffusion WebUI process for unusual destinations
- Implement application-level auditing for all administrative actions performed through the queue endpoint
How to Mitigate CVE-2024-11045
Immediate Actions Required
- Avoid running Stable Diffusion WebUI while browsing untrusted websites
- Configure firewall rules to restrict access to port 7860 from external networks
- Review installed extensions and remove any unfamiliar or suspicious additions
- Consider running the WebUI in an isolated environment such as a container or virtual machine
Patch Information
Users should monitor the automatic1111/stable-diffusion-webui GitHub repository for security updates that address this WebSocket hijacking vulnerability. Check the Huntr Bounty Report for the latest information on available patches and vendor response.
Workarounds
- Implement a reverse proxy with origin validation in front of the WebUI application
- Use browser extensions that block WebSocket connections to localhost from untrusted origins
- Run Stable Diffusion WebUI in a dedicated browser profile that is not used for general browsing
- Configure the WebUI to require authentication if such an option becomes available
# Example firewall rule to restrict WebUI access (Linux iptables)
# Allow only local connections to the WebUI port
iptables -A INPUT -p tcp --dport 7860 -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 7860 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
