PatchSiren

Beijing Academy of Artificial Intelligence (BAAI) CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL Beijing Academy of Artificial Intelligence (BAAI) CVE published 2026-03-18

CVE-2026-25873

CVE-2026-25873 is a critical unauthenticated remote code execution vulnerability in the reward server component of OmniGen2-RL. The vulnerability allows remote attackers to execute arbitrary commands by sending malicious HTTP POST requests, exploiting insecure pickle deserialization of request bodies. This vulnerability has a CVSS score of 9.3 and is considered critical. Affected organizations should prio [truncated]