Lucene search
+L

14 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-400 llm CLI tool contains a code injection vulnerability via `--functions` command-line argument

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

9.8CVSS6.4AI score0.00327EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.10 views

CVE-2026-31236

A flaw was found in the llm CLI tool. An attacker can exploit a code injection vulnerability by crafting a malicious command with arbitrary Python code in the --functions argument. If a victim is tricked into running this command, it leads to arbitrary code execution on their system, potentially...

9.8CVSS6AI score0.00327EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/17 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-31236

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command- line argument. This argument is intended to allow use...

9.8CVSS6.2AI score0.00327EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/12 6:30 p.m.9 views

EUVD-2026-29559

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

6.3AI score0.00327EPSS
Exploits0References3
OSV
OSV
added 2026/05/12 6:30 p.m.10 views

GHSA-G76P-4VG5-F4QH llm CLI tool contains a code injection vulnerability via `--functions` command-line argument

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

9.8CVSS6.3AI score0.00327EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.15 views

llm CLI tool contains a code injection vulnerability via `--functions` command-line argument

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

9.8CVSS6.3AI score0.00327EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/12 6:16 p.m.7 views

DEBIAN-CVE-2026-31236

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

9.8CVSS6.3AI score0.00327EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 6:16 p.m.9 views

CVE-2026-31236

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

9.8CVSS0.00327EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/05/12 6:16 p.m.11 views

CVE-2026-31236

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

9.8CVSS6.3AI score0.00327EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-40123

Name of the Vulnerable Software and Affected Versions llm versions prior to 0.27.2 Description A code injection issue exists in the llm CLI tool. The tool uses the unsafe exec function to process custom Python function definitions provided through the --functions command-line argument without...

9.8CVSS6.4AI score0.00327EPSS
Exploits0References13
CVE
CVE
added 2026/05/12 12:0 a.m.26 views

CVE-2026-31236

The CVE-2026-31236 issue affects the llm CLI tool up to version 0.27.1. The vulnerability arises from the --functions argument, which accepts user-provided Python definitions and is executed with unsafe exec() without sanitization or sandboxing, enabling arbitrary code execution on a victim’s sys...

9.8CVSS6.3AI score0.00327EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/12 12:0 a.m.35 views

CVE-2026-31236

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

0.00327EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/05/12 12:0 a.m.14 views

CVE-2026-31236

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

9.8CVSS6.3AI score0.00327EPSS
Exploits0
Snyk
Snyk
added 2026/05/12 12:0 a.m.6 views

Arbitrary Code Injection

Overview llm is a CLI utility and Python library for interacting with Large Language Models from organizations like OpenAI, Anthropic and Gemini plus local models installed on your own machine. Affected versions of this package are vulnerable to Arbitrary Code Injection via the --functions...

9.8CVSS6.2AI score0.00327EPSS
Exploits0References2
Rows per page
Query Builder