← All Tags
# vulnerabilities posthog

1 link tagged with all of: vulnerabilities + posthog

Click any tag below to further narrow down your results

+ ssrf (1) + security (1) + rce (1)

Links

Inside PostHog: How SSRF, a ClickHouse SQL Escaping 0day, and Default PostgreSQL Credentials Formed an RCE Chain (ZDI-25-099, ZDI-25-097, ZDI-25-096) - Mehmet Ince @mdisec - Vulnerability Researcher | Building security products | Security Advisor | Amateur Muay Thai fighter

The article details a hands-on investigation of PostHog's security flaws, specifically focusing on server-side request forgery (SSRF) vulnerabilities. It outlines how these weaknesses allow for unauthorized access to internal services, culminating in an RCE chain through ClickHouse and SQL injection.
Saved by tldr-importer · Last saved February 14, 2026 · 6 min read
posthog ✓ + ssrf + security vulnerabilities ✓ + rce