PT-2026-32198 · Danielmiessler · Personal Ai Infrastructure

Davidgilmore

Published

2026-04-13

Updated

2026-04-13

CVE-2026-6141

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions danielmiessler Personal AI Infrastructure versions prior to 2.3.1

Description A flaw exists in danielmiessler Personal AI Infrastructure up to version 2.3.0. The issue resides in an unknown function within the Skills/Parser/Tools/parse url.ts file and allows for os command injection through manipulation. This can be triggered remotely. The exploit has been publicly disclosed.

Recommendations Update to version 2.3.1 or later.

Fix

Command Injection

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-78

Related Identifiers

CVE-2026-6141

Affected Products

Personal Ai Infrastructure

PT-2026-32198 · Danielmiessler · Personal Ai Infrastructure

CVE-2026-6141

Weakness Enumeration

Related Identifiers

Affected Products

References · 10