Omnigen2 Rl

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-25873 CRITICAL POC PATCH Act Now

OmniGen2-RL reward server component contains an unauthenticated remote code execution vulnerability allowing attackers to execute arbitrary commands through malicious HTTP POST requests exploiting insecure pickle deserialization. The vulnerability affects Beijing Academy of Artificial Intelligence (BAAI)'s OmniGen2-RL software with a critical CVSS score of 9.8. A public proof-of-concept exploit is available and a patch has been released by the vendor, making this an immediate priority for organizations running exposed instances.

RCE Deserialization Omnigen2 Rl
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25873
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

OmniGen2-RL reward server component contains an unauthenticated remote code execution vulnerability allowing attackers to execute arbitrary commands through malicious HTTP POST requests exploiting insecure pickle deserialization. The vulnerability affects Beijing Academy of Artificial Intelligence (BAAI)'s OmniGen2-RL software with a critical CVSS score of 9.8. A public proof-of-concept exploit is available and a patch has been released by the vendor, making this an immediate priority for organizations running exposed instances.

RCE Deserialization Omnigen2 Rl
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy