CVE-2024-31462: stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui
mediumvulnerability
security
Summary
Stable-diffusion-webui version 1.7.0 has a vulnerability where user input from the Backup/Restore tab is not properly validated before being used to create file paths, allowing attackers to write JSON files to arbitrary locations on Windows systems where the web server has access. This is a limited file write vulnerability (a security flaw that lets attackers create or modify files in unintended locations) that could let an attacker place malicious files on the server.
Vulnerability Details
CVSS Score
6.3(medium)
EPSS (30-day exploit probability)
EPSS: 0.2%
Classification
Attack Type
Other
Attack SophisticationModerate
Impact (CIA+S)
integrityavailability
Affected Vendors
Stability AI
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-31462
First tracked: February 15, 2026 at 08:47 PM
Classified by LLM (prompt v3) · confidence: 92%