OS Command Injection Vulnerability in danielmiessler Personal AI Infrastructure
CVE-2026-6141

5.3MEDIUM

Key Information:

Vendor

Danielmiessler

Status
Personal Ai Infrastructure
Vendor
CVE Published:
13 April 2026

What is CVE-2026-6141?

The danielmiessler Personal AI Infrastructure software versions up to 2.3.0 contain a vulnerability in the Skills/Parser/Tools/parse_url.ts file that allows attackers to execute OS command injection. This vulnerability can be exploited remotely, potentially enabling unauthorized command execution on the affected system. A patch addressing this issue has been released, and users are strongly advised to update to the fixed version promptly to mitigate the risks associated with this vulnerability.

Affected Version(s)

Personal_AI_Infrastructure 2.0

Personal_AI_Infrastructure 2.1

Personal_AI_Infrastructure 2.2

References

https://vuldb.com/vuln/357005
vdb-entry
https://vuldb.com/vuln/357005/cti
signaturepermissions-required
https://vuldb.com/submit/793438
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

davidgilmore (VulDB User)
VulDB CNA Team
.