Omnigen2 Rl
Monthly
Remote code execution in the Beijing Academy of Artificial Intelligence (BAAI) OmniGen2-RL reward server lets unauthenticated attackers run arbitrary OS commands by POSTing a malicious pickle payload to the exposed HTTP endpoint. The reward_server.py and reward_proxy.py components call pickle.loads() directly on raw, attacker-controlled request bodies, so any network-reachable instance can be fully compromised. Publicly available exploit code exists (chocapikk.com write-up) and a vendor patch (PR #139) is available, though EPSS remains low at 0.13% and there is no public exploit identified as actively exploited.
Remote code execution in the Beijing Academy of Artificial Intelligence (BAAI) OmniGen2-RL reward server lets unauthenticated attackers run arbitrary OS commands by POSTing a malicious pickle payload to the exposed HTTP endpoint. The reward_server.py and reward_proxy.py components call pickle.loads() directly on raw, attacker-controlled request bodies, so any network-reachable instance can be fully compromised. Publicly available exploit code exists (chocapikk.com write-up) and a vendor patch (PR #139) is available, though EPSS remains low at 0.13% and there is no public exploit identified as actively exploited.