CVE-2026-6141
danielmiessler Personal_AI_Infrastructure parse_url.ts os command injection
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was determined in danielmiessler Personal_AI_Infrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parse_url.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 14322e87e58bf585cf3c7b9295578a6eb7dc4945. It is advisable to implement a patch to correct this issue. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
| CWE | CWE-78 CWE-77 |
| Vendor | danielmiessler |
| Product | personal_ai_infrastructure |
| Published | Apr 13, 2026 |
| Last Updated | Apr 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for danielmiessler personal_ai_infrastructure
Be the first to know when new medium vulnerabilities affecting danielmiessler personal_ai_infrastructure are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
danielmiessler / Personal_AI_Infrastructure
2.0 2.1 2.2 2.3.0
References
vuldb.com: https://vuldb.com/vuln/357005 vuldb.com: https://vuldb.com/vuln/357005/cti vuldb.com: https://vuldb.com/submit/793438 github.com: https://github.com/danielmiessler/Personal_AI_Infrastructure/pull/659 github.com: https://github.com/danielmiessler/Personal_AI_Infrastructure/pull/659#issuecomment-3905020094 github.com: https://github.com/danielmiessler/Personal_AI_Infrastructure/commit/14322e87e58bf585cf3c7b9295578a6eb7dc4945 github.com: https://github.com/danielmiessler/Personal_AI_Infrastructure/
Credits
๐ davidgilmore (VulDB User) VulDB CNA Team