llm Code Injection Vulnerability in CLI Tool Allowing Arbitrary Code Execution
Vulnerability
A critical code injection vulnerability has been identified in the llm CLI tool, affecting versions through 0.27.1. The vulnerability arises from the --functions command-line argument, which allows users to provide custom Python function definitions. The tool executes the supplied code using the unsafe exec() function without any sanitization, sandboxing, or security restrictions. An attacker can exploit this by crafting a malicious llm command that includes arbitrary Python code in the --functions argument and using social engineering to persuade a victim to run it. The result is unauthorized code execution on the victim's system, potentially giving the attacker full control.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the victim's system, potentially granting the attacker full control.
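A static pre-check for code someone asks you to pass to --functions, as an added example that is not part of this advisory or of the llm project: it parses the code with Python's ast module instead of running it and reports what exec() would execute the moment the code is loaded. The function name, the risk lists and the sample strings are assumptions made for illustration.

```python
import ast

# Assumption: modules and builtins treated as high-risk for this review.
RISKY_MODULES = {"os", "subprocess", "socket", "shutil", "ctypes", "pty", "importlib"}
RISKY_CALLS = {"exec", "eval", "compile", "__import__", "open"}


def audit_functions_source(source: str) -> list[str]:
    """Return findings for code intended for --functions, without running it."""
    try:
        tree = ast.parse(source)
    except SyntaxError as err:
        return [f"line {err.lineno}: not parseable as Python ({err.msg})"]
    findings = []
    # exec() runs every top-level statement immediately, so anything that is
    # not a plain function definition executes before a model calls any tool.
    for node in tree.body:
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            # Decorators are evaluated at definition time, not at call time.
            if node.decorator_list:
                findings.append(f"line {node.lineno}: decorator runs at definition time")
            continue
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            continue  # imports are checked by the walk below
        findings.append(f"line {node.lineno}: top-level {type(node).__name__} runs on load")
    # Second pass over the whole tree: risky imports and direct builtin calls.
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            names = [alias.name.split(".")[0] for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [(node.module or "").split(".")[0]]
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
            if node.func.id in RISKY_CALLS:
                findings.append(f"line {node.lineno}: call to {node.func.id}()")
            continue
        else:
            continue
        for name in names:
            if name in RISKY_MODULES:
                findings.append(f"line {node.lineno}: imports {name}")
    return findings


# Constructed samples: a plain tool definition and one with load-time side effects.
BENIGN = "def multiply(x: int, y: int) -> int:\n    return x * y\n"
SUSPECT = "import os\nos.getcwd()\ndef helper():\n    return 1\n"
```

This is a review aid, not a sandbox: a clean result does not make untrusted code safe to pass to exec().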
