Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
danielmiessler Personal_AI_Infrastructure: Unpatched Code Allows Remote Attackers to Execute Commands
CVE-2026-6141
Summary
A security flaw in the Personal_AI_Infrastructure tool allows hackers to execute commands on your system remotely. This means an attacker could gain control over your system and do anything they want. To fix this, update to the latest version of the tool, which has been patched by the vendor.
Original title
A vulnerability was determined in danielmiessler Personal_AI_Infrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parse_url.ts. Executing a manipulation can l...
Original description
A vulnerability was determined in danielmiessler Personal_AI_Infrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parse_url.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 14322e87e58bf585cf3c7b9295578a6eb7dc4945. It is advisable to implement a patch to correct this issue. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-77
Command Injection
CWE-78
OS Command Injection
- https://github.com/danielmiessler/Personal_AI_Infrastructure/
- https://github.com/danielmiessler/Personal_AI_Infrastructure/commit/14322e87e58b...
- https://github.com/danielmiessler/Personal_AI_Infrastructure/pull/659
- https://github.com/danielmiessler/Personal_AI_Infrastructure/pull/659#issuecomme...
- https://vuldb.com/submit/793438
- https://vuldb.com/vuln/357005
- https://vuldb.com/vuln/357005/cti
Published: 13 Apr 2026 · Updated: 13 Apr 2026 · First seen: 13 Apr 2026