[2026-03-24] | Category: Security Research | Reading time: 15 min
Grafana is the most popular open-source monitoring and observability platform, used by
thousands of organizations to visualize metrics, logs, and traces. During security research
on the Grafana OSS codebase, I identified a full-read Server-Side Request Forgery
(SSRF) vulnerability/misconfiguration in the data source proxy.
ssrf
grafana
data source proxy
cloud metadata
misconfiguration
[2026-02-04] | Category: Security Research | Reading time: 20 min
GLPI is open-source IT asset management software used by thousands of organizations worldwide.
I identified a vulnerability chain that allows an authenticated administrator to achieve Remote Code Execution (RCE)
via PHP Object Injection in the progress indicator storage mechanism.
CVE-2026-22248
object injection
insecure deserialization
rce
glpi