Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
LLM CLI Tool Through 0.27.1 Allows Malicious Code Execution
DEBIAN-CVE-2026-31236
Summary
The LLM CLI tool has a critical security issue that allows attackers to run malicious code on a victim's system. This happens when a user is tricked into running a specially crafted command with custom Python code. To stay safe, update the LLM CLI tool to the latest version, and be cautious when running commands with custom code.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Debian:13 | debian | llm | All versions |
| Debian:14 | debian | llm | All versions |
Original title
The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function d...
Original description
The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec() function without any sanitization, sandboxing, or security restrictions. An attacker can exploit this by crafting a malicious llm command with arbitrary Python code in the --functions argument and using social engineering to trick a victim into running it. This leads to arbitrary code execution on the victim's system, potentially granting the attacker full control.
osv CVSS3.1
9.8
- https://security-tracker.debian.org/tracker/CVE-2026-31236 Vendor Advisory
Published: 12 May 2026 · Updated: 17 May 2026 · First seen: 17 May 2026