Is there a patch available for CVE-2026-6141?

Yes, a patch is available for CVE-2026-6141. Update the affected software to the latest version immediately.

CVE-2026-6141

Q: What is the CVSS score of CVE-2026-6141?

CVE-2026-6141 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.7%.

EUVD-2026-21768 LOW

OS Command Injection (CWE-78)

2026-04-13 VulDB

Command Injection

2.1

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:11 NVD

MEDIUM LOW

CVSS changed

Apr 29, 2026 - 01:11 NVD

5.3 (MEDIUM) 2.1 (LOW)

CVSS changed

Apr 13, 2026 - 01:22 NVD

6.3 (MEDIUM) 5.3 (MEDIUM)

Analysis Generated

Apr 13, 2026 - 01:18 vuln.today

EUVD ID Assigned

Apr 13, 2026 - 01:15 euvd

EUVD-2026-21768

Analysis Generated

Apr 13, 2026 - 01:15 vuln.today

Patch released

Apr 13, 2026 - 01:15 nvd

Patch available

CVE Published

Apr 13, 2026 - 00:45 nvd

LOW 2.1

DescriptionNVD

A vulnerability was determined in danielmiessler Personal_AI_Infrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parse_url.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 14322e87e58bf585cf3c7b9295578a6eb7dc4945. It is advisable to implement a patch to correct this issue. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

AnalysisAI

OS command injection in danielmiessler Personal_AI_Infrastructure up to version 2.3.0 allows authenticated remote attackers to execute arbitrary system commands via a malicious URL parameter in the parse_url.ts parser tool. The vulnerability requires low-privilege authentication and has publicly available exploit code; the vendor released a patched version promptly after disclosure.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-6141 vulnerability details – vuln.today

Back