CVE-2026-25873
CRITICALOmniGen2-RL Reward Server Unsafe Deserialization RCE
Title source: cnaDescription
OmniGen2-RL contains an unauthenticated remote code execution vulnerability in the reward server component that allows remote attackers to execute arbitrary commands by sending malicious HTTP POST requests. Attackers can exploit insecure pickle deserialization of request bodies to achieve code execution on the host system running the exposed service.
References (7)
Core 7
Core References
Exploit technical-description
exploit
https://chocapikk.com/posts/2026/omnigen2-pickle-rce/
Product product
https://arxiv.org/abs/2506.18871
Related related
https://github.com/VectorSpaceLab/OmniGen2/blob/3a13017e532f9f309a38bca571fd62200a6415c5/OmniGen2-RL/reward_server/reward_server.py#L118
Related related
https://github.com/VectorSpaceLab/OmniGen2/blob/3a13017e532f9f309a38bca571fd62200a6415c5/OmniGen2-RL/reward_server/reward_proxy.py#L208
Related related
https://github.com/VectorSpaceLab/OmniGen2/blob/3a13017e532f9f309a38bca571fd62200a6415c5/OmniGen2-RL/reward_server/reward_proxy.py#L224
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/omnigen2-rl-reward-server-unsafe-deserialization-rce
Scores
CVSS v3
9.8
EPSS
0.0108
EPSS Percentile
60.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-502
Status
published
Products (1)
Beijing Academy of Artificial Intelligence (BAAI)/OmniGen2-RL
Published
Mar 18, 2026
Tracked Since
Mar 19, 2026