CVE-2026-31236
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk24th percentile — higher than 24% of all known CVEs
Summary
The llm CLI tool through version 0.27.1 contains a critical code injection vulnerability via its --functions argument. This argument allows custom Python function definitions, but the tool directly executes the code using the unsafe exec() function without sanitization. An attacker can exploit this by crafting a malicious llm command with arbitrary Python code in the --functions argument and tricking a victim into running it, leading to arbitrary code execution on the victim's system.
Risk Assessment
The risk for the organization is the potential for an attacker to gain full control over the victim's system, which could lead to data theft, malware installation, or further attacks on the infrastructure.
Recommendation
Immediately update the llm tool to the latest version that fixes this vulnerability. Until then, avoid using the --functions argument with untrusted data and educate users about the risks of running unknown commands.
Original NVD description (English source)
The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec() function without any sanitization, sandboxing, or security restrictions. An attacker can exploit this by crafting a malicious llm command with arbitrary Python code in the --functions argument and using social engineering to trick a victim into running it. This leads to arbitrary code execution on the victim's system, potentially granting the attacker full control.

