Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
CVE-2026-31236: LLM CLI Tool Through 0.27.1 Allows Malicious Code Execution
CVE-2026-31236
GHSA-g76p-4vg5-f4qh
Summary
The LLM CLI tool is affected if you use the --functions option to run custom Python code. This is a serious security risk because an attacker could trick you into running malicious code, giving them control over your system. To stay safe, update the LLM CLI tool to a version that fixes this issue or avoid using the --functions option.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| pip | – | llm | <= 0.27.1 |
Original title
llm CLI tool contains a code injection vulnerability via `--functions` command-line argument
Original description
The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec() function without any sanitization, sandboxing, or security restrictions. An attacker can exploit this by crafting a malicious llm command with arbitrary Python code in the --functions argument and using social engineering to trick a victim into running it. This leads to arbitrary code execution on the victim's system, potentially granting the attacker full control.
Vulnerability type
CWE-94
Code Injection
Published: 12 May 2026 · Updated: 28 May 2026 · First seen: 13 May 2026