Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-31236

AI Predicted 8.8 Difficulty: Easy EPSS 0.08% · P23

Affected Version Matrix 1

VendorProductVersion RangeStatus
n/an/an/aaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-31236

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec() function without any sanitization, sandboxing, or security restrictions. An attacker can exploit this by crafting a malicious llm command with arbitrary Python code in the --functions argument and using social engineering to trick a victim into running it. This leads to arbitrary code execution on the victim's system, potentially granting the attacker full control.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
LLM 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
LLM是Simon Willison个人开发者的一款多模型大语言模型命令行交互工具。 LLM 0.27.1及之前版本存在安全漏洞,该漏洞源于--functions命令行参数直接使用不安全的exec()函数执行代码,未进行清理或沙箱限制,可能导致攻击者通过社会工程学诱骗受害者执行恶意命令,从而执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2026-31236

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-31236

登录查看更多情报信息。

Same Patch Batch · n/a · 2026-05-12 · 60 CVEs total

CVE-2026-20754Intel NPU Drivers 代码问题漏洞
CVE-2026-20714Intel QAT software drivers for Windows 缓冲区错误漏洞
CVE-2025-35991Intel Xeon Scalable Processors 安全漏洞
CVE-2025-35990Intel Endpoint Management Assistant 输入验证错误漏洞
CVE-2025-35979Intel Processors 安全漏洞
CVE-2025-36510Intel Display Virtualization for Windows OS driver 缓冲区错误漏洞
CVE-2026-20793Intel QAT software drivers for Windows 安全漏洞
CVE-2026-20782Intel QAT software drivers for Windows 安全漏洞
CVE-2026-20772Intel Connectivity Performance Suite 代码问题漏洞
CVE-2026-20771Intel QAT software drivers for Windows 代码问题漏洞
CVE-2026-20794Intel Data Center Graphics Driver 安全漏洞
CVE-2026-20753Intel Slim Bootloader 输入验证错误漏洞
CVE-2026-20751Intel Data Center Graphics Driver 缓冲区错误漏洞
CVE-2026-20738Intel QuickAssist Adapter 8960 安全漏洞
CVE-2026-20718Intel NPU Driver for Linux和Intel NPU Driver for Windows 安全漏洞
CVE-2026-20717Intel QAT software drivers for Windows 输入验证错误漏洞
CVE-2025-65719kubectl-mcp-server 安全漏洞
CVE-2025-70842FluentCMS 跨站脚本漏洞
CVE-2026-31222Snorkel 安全漏洞
CVE-2026-31239Mamba 安全漏洞

Showing top 20 of 60 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2026-31236

No comments yet

Leave a comment