CVE-2026-31236

Name of the Vulnerable Software and Affected Versions llm versions prior to 0.27.2

Description A code injection issue exists in the llm CLI tool. The tool uses the unsafe exec() function to process custom Python function definitions provided through the --functions command-line argument without sanitization, sandboxing, or security restrictions. An attacker can exploit this by tricking a user into executing a malicious command containing arbitrary Python code in the --functions argument, leading to arbitrary code execution on the system.

Recommendations Update to version 0.27.2 or later. As a temporary workaround, avoid using the --functions argument with untrusted input.