Home

Description

A vulnerability was determined in danielmiessler Personal_AI_Infrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parse_url.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 14322e87e58bf585cf3c7b9295578a6eb7dc4945. It is advisable to implement a patch to correct this issue. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

PUBLISHED Reserved 2026-04-12 | Published 2026-04-13 | Updated 2026-04-14 | Assigner VulDB




MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 6.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
MEDIUM: 6.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
6.5AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C

Problem types

OS Command Injection

Command Injection

Product status

2.0
affected

2.1
affected

2.2
affected

2.3.0
affected

Timeline

2026-04-12:Advisory disclosed
2026-04-12:VulDB entry created
2026-04-12:VulDB entry last update

Credits

davidgilmore (VulDB User) reporter

VulDB CNA Team coordinator

References

vuldb.com/vuln/357005 (VDB-357005 | danielmiessler Personal_AI_Infrastructure parse_url.ts os command injection) vdb-entry

vuldb.com/vuln/357005/cti (VDB-357005 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/submit/793438 (Submit #793438 | Daniel Miessler Personal AI Infra (PAI) 2.3.0 Command Injection) third-party-advisory

github.com/...elmiessler/Personal_AI_Infrastructure/pull/659 issue-tracking patch

github.com/...elmiessler/Personal_AI_Infrastructure/pull/659 issue-tracking patch

github.com/...ommit/14322e87e58bf585cf3c7b9295578a6eb7dc4945 patch

github.com/danielmiessler/Personal_AI_Infrastructure/ product

cve.org (CVE-2026-6141)

nvd.nist.gov (CVE-2026-6141)

Download JSON