CRITICAL
Beijing Academy of Artificial Intelligence (BAAI)
CVE published 2026-03-18
CVE-2026-25873
CVE-2026-25873 is a critical unauthenticated remote code execution vulnerability in the reward server component of OmniGen2-RL. The vulnerability allows remote attackers to execute arbitrary commands by sending malicious HTTP POST requests, exploiting insecure pickle deserialization of request bodies. This vulnerability has a CVSS score of 9.3 and is considered critical. Affected organizations should prio [truncated]