What is the CVSS score of CVE-2026-31236?

CVE-2026-31236 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of llm CLI tool are affected by CVE-2026-31236?

CVE-2026-31236 affects the llm CLI tool through version 0.27.1 and enables arbitrary code execution when users are socially engineered into executing malicious commands.

llm CLI tool CVE-2026-31236

EUVD-2026-29559 CRITICAL

Code Injection (CWE-94)

2026-05-12 mitre

GHSA-g76p-4vg5-f4qh

RCE Python Code Injection N A

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 14, 2026 - 20:23 vuln.today

CVSS changed

May 14, 2026 - 20:22 NVD

9.8 (CRITICAL)

CVE Published

May 12, 2026 - 00:00 nvd

CRITICAL 9.8

CVE Published

May 12, 2026 - 00:00 nvd

UNKNOWN (no severity yet)

DescriptionNVD

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec() function without any sanitization, sandboxing, or security restrictions. An attacker can exploit this by crafting a malicious llm command with arbitrary Python code in the --functions argument and using social engineering to trick a victim into running it. This leads to arbitrary code execution on the victim's system, potentially granting the attacker full control.

AnalysisAI

Arbitrary code execution occurs in the llm CLI tool (versions through 0.27.1) when attackers social-engineer victims into running crafted commands containing malicious Python code in the --functions argument. The tool directly executes this code via unsafe exec() without sanitization, enabling full system compromise. …

RemediationAI

Within 24 hours: inventory all llm CLI tool installations across development and data science teams using 'llm --version' or package managers. Within 7 days: restrict llm CLI usage to trusted, isolated environments and implement mandatory code review processes for any --functions arguments before execution. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-31236 vulnerability details – vuln.today

Back

llm CLI tool CVE-2026-31236

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code