Skip to main content

Omnigen2 Rl

1 CVEs product

Monthly

CVE-2026-25873 CRITICAL POC PATCH Act Now

Remote code execution in the Beijing Academy of Artificial Intelligence (BAAI) OmniGen2-RL reward server lets unauthenticated attackers run arbitrary OS commands by POSTing a malicious pickle payload to the exposed HTTP endpoint. The reward_server.py and reward_proxy.py components call pickle.loads() directly on raw, attacker-controlled request bodies, so any network-reachable instance can be fully compromised. Publicly available exploit code exists (chocapikk.com write-up) and a vendor patch (PR #139) is available, though EPSS remains low at 0.13% and there is no public exploit identified as actively exploited.

RCE Deserialization Omnigen2 Rl
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.1%
EPSS 0% CVSS 9.3
CRITICAL POC PATCH Act Now

Remote code execution in the Beijing Academy of Artificial Intelligence (BAAI) OmniGen2-RL reward server lets unauthenticated attackers run arbitrary OS commands by POSTing a malicious pickle payload to the exposed HTTP endpoint. The reward_server.py and reward_proxy.py components call pickle.loads() directly on raw, attacker-controlled request bodies, so any network-reachable instance can be fully compromised. Publicly available exploit code exists (chocapikk.com write-up) and a vendor patch (PR #139) is available, though EPSS remains low at 0.13% and there is no public exploit identified as actively exploited.

RCE Deserialization Omnigen2 Rl
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy