CVE-2026-25873

CRITICAL

OmniGen2-RL Reward Server Unsafe Deserialization RCE

Title source: cna

Description

OmniGen2-RL contains an unauthenticated remote code execution vulnerability in the reward server component that allows remote attackers to execute arbitrary commands by sending malicious HTTP POST requests. Attackers can exploit insecure pickle deserialization of request bodies to achieve code execution on the host system running the exposed service.
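The weakness described above is CWE-502 in its most common Python form: a network service calls pickle.loads on a request body it has not authenticated. The following is an added example, not code from OmniGen2-RL or BAAI, showing the two standard mitigations a maintainer would reach for: a restricted Unpickler that refuses every global lookup outside a short allowlist (so object-construction opcodes cannot resolve to arbitrary callables), and, preferably, replacing pickle with a data-only format (JSON) plus explicit shape validation. The request field names ("prompts", "image_ids") and the sample bodies are constructed for illustration and are not the real reward-server schema.

```python
import collections
import io
import json
import pickle

# Builtins a reward request could legitimately need to reconstruct.
# Everything else (any module, any class, any function) is refused.
SAFE_BUILTINS = {
    "dict", "list", "tuple", "set", "frozenset",
    "str", "int", "float", "bool", "bytes",
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that blocks arbitrary global lookups (the Python docs recipe).

    Pickle's GLOBAL/STACK_GLOBAL opcodes are what turn "deserialize data" into
    "call an attacker-chosen callable"; find_class() is the single hook where
    those lookups happen, so denying it is the narrowest effective control.
    """

    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(__import__("builtins"), name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data: bytes):
    """Deserialize pickle bytes while refusing any non-allowlisted global."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def safe_to_load(data: bytes) -> bool:
    """True if the pickle contains only plain data, False if it was rejected."""
    try:
        restricted_loads(data)
        return True
    except pickle.UnpicklingError:
        return False


# Preferred fix: do not accept pickle from the network at all. Parse JSON and
# validate the exact shape the handler expects before touching any field.
def decode_reward_request(body: bytes) -> dict:
    """Parse a JSON reward request; raise ValueError on any shape mismatch.

    Hypothetical schema (assumption): {"prompts": [str, ...], "image_ids": [str, ...]}
    """
    payload = json.loads(body.decode("utf-8"))  # UnicodeDecodeError/JSONDecodeError are ValueErrors
    if not isinstance(payload, dict):
        raise ValueError("request body must be a JSON object")
    unexpected = set(payload) - {"prompts", "image_ids"}
    if unexpected:
        raise ValueError(f"unexpected fields: {sorted(unexpected)}")
    prompts = payload.get("prompts")
    image_ids = payload.get("image_ids")
    for field_name, value in (("prompts", prompts), ("image_ids", image_ids)):
        if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
            raise ValueError(f"{field_name} must be a list of strings")
    if len(prompts) != len(image_ids):
        raise ValueError("prompts and image_ids must have the same length")
    return {"prompts": prompts, "image_ids": image_ids}


def is_valid_request(body: bytes) -> bool:
    """Boolean wrapper around decode_reward_request for use at the HTTP boundary."""
    try:
        decode_reward_request(body)
        return True
    except ValueError:
        return False


# Constructed sample inputs (not captured traffic):
# a plain-data pickle, and a pickle that references a global (collections.OrderedDict).
SAMPLE_PLAIN = pickle.dumps({"reward": 0.5, "ids": [1, 2]})
SAMPLE_WITH_GLOBAL = pickle.dumps(collections.OrderedDict(a=1))
SAMPLE_JSON_OK = b'{"prompts": ["a cat on a mat"], "image_ids": ["img-1"]}'
SAMPLE_JSON_BAD = b'{"prompts": "a cat on a mat"}'

if __name__ == "__main__":
    print("plain pickle accepted:", safe_to_load(SAMPLE_PLAIN))
    print("pickle with global accepted:", safe_to_load(SAMPLE_WITH_GLOBAL))
    print("JSON request valid:", is_valid_request(SAMPLE_JSON_OK))
    print("malformed JSON request valid:", is_valid_request(SAMPLE_JSON_BAD))
    print("pickle body passed to JSON handler valid:", is_valid_request(SAMPLE_PLAIN))
```

The restricted unpickler is a containment measure for code that cannot drop pickle immediately; it still lets an attacker drive the pickle virtual machine over plain containers, so the JSON path with field-level validation is the fix to aim for, and the service should additionally require authentication before any body is parsed.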

Scores

CVSS v3 9.8
EPSS 0.0012
EPSS Percentile 30.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-502
Status published
Products (1)
Beijing Academy of Artificial Intelligence (BAAI)/OmniGen2-RL
Published Mar 18, 2026
Tracked Since Mar 19, 2026