CVE-2026-6141 | danielmiessler Personal_AI_Infrastructure up to 2.3.0 parse_url.ts os command injection (ID 659)

A vulnerability was found in danielmiessler Personal_AI_Infrastructure up to 2.3.0 and classified as critical. Affected is an unknown function of the file Skills/Parser/Tools/parse_url.ts. Executing a manipulation can lead to os command injection.

The identification of this vulnerability is CVE-2026-6141. The attack may be launched remotely. Furthermore, there is an exploit available.

It is advisable to implement a patch to correct this issue.

The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

CVE-2026-6141 | danielmiessler Personal_AI_Infrastructure up to 2.3.0 parse_url.ts os command injection (ID 659)

Post correlati

CVE-2025-48629 | Google Android 13/14/15/16 VoiceInteractionManagerService.java findAvailRecognizer Local Privilege Escalation

CVE-2025-9396 | ckolivas lrzip up to 0.651 strtol_l.c __GI_____strtol_l_internal null pointer dereference (Issue 264)

CVE-2024-43603 | Microsoft Visual Studio Collector Service link following

CVE-2025-6268 | Luna Imaging up to 7.5.5.6 search q cross site scripting

CVE-2025-9396 | ckolivas lrzip up to 0.651 strtol_l.c GI___strtol_l_internal null pointer dereference (Issue 264)