Quit Emailing Yourself

# vulnerabilities → security → ssrf → posthog → rce

1 link tagged with all of: vulnerabilities + security + ssrf + posthog + rce

Links

Inside PostHog: How SSRF, a ClickHouse SQL Escaping 0day, and Default PostgreSQL Credentials Formed an RCE Chain (ZDI-25-099, ZDI-25-097, ZDI-25-096) - Mehmet Ince @mdisec - Vulnerability Researcher | Building security products | Security Advisor | Amateur Muay Thai fighter

The article details a hands-on investigation of PostHog's security flaws, specifically focusing on server-side request forgery (SSRF) vulnerabilities. It outlines how these weaknesses allow for unauthorized access to internal services, culminating in an RCE chain through ClickHouse and SQL injection.

Saved by tldr-importer · Last saved February 14, 2026 · 6 min read

posthog ✓ ssrf ✓ security ✓ vulnerabilities ✓ rce ✓