Description
OmniGen2-RL contains an unauthenticated remote code execution vulnerability in the reward server component that allows remote attackers to execute arbitrary commands by sending malicious HTTP POST requests. Attackers can exploit insecure pickle deserialization of request bodies to achieve code execution on the host system running the exposed service.
Published: 2026-03-18
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability arises from unsafe deserialization of Python pickle data in the reward server component of OmniGen2-RL. An unauthenticated attacker can send a specially crafted HTTP POST request whose body the server unpickles, allowing arbitrary code execution on the host running the service. This is a remote code execution flaw (CWE-502).

Affected Systems

The affected component is the OmniGen2-RL reward server from the Beijing Academy of Artificial Intelligence (BAAI). No affected version numbers are listed in the record; treat all current releases as affected until a fix is released, and review the vendor's advisories.

Risk and Exploitability

The CVSS score is 9.3, indicating a critical vulnerability. Exploitation requires only an unauthenticated HTTP POST to the exposed endpoint, so the barrier to exploitation is low. EPSS data is not available, and the issue is not included in CISA's KEV catalog, but the nature of the flaw suggests a high likelihood of exploitation if the service is reachable over the network.

Generated by OpenCVE AI on March 18, 2026 at 22:21 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Update OmniGen2-RL to the latest fixed version once one is released.
  • Restrict network access to the reward server with firewall rules or by placing it behind an authenticating proxy.
  • Monitor the service logs for unusual POST requests and block source addresses that send pickle-formatted request bodies.
  • If a patch is not yet available, disable the reward server or replace the unsafe deserialization logic with a safe alternative.
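As an added illustration of the last two actions, not code from OmniGen2-RL or OpenCVE: a pickle-header check usable for request-log triage, the Python documentation's restricted-unpickler pattern as a stop-gap, and a JSON parser with an explicit schema as the safe alternative. The request field names (prompts, scores) are assumed.

```python
"""Added example, not OmniGen2-RL's code: the request field names are assumed."""
import collections
import io
import json
import pickle

ALLOWED_KEYS = {"prompts", "scores"}  # hypothetical reward-request schema

def looks_like_pickle(body: bytes) -> bool:
    """Log-triage check: protocol 2+ pickle streams start with PROTO 0x80 + version."""
    return len(body) >= 2 and body[0] == 0x80 and 2 <= body[1] <= 5

class RestrictedUnpickler(pickle.Unpickler):
    """Refuses to resolve any global, so a stream cannot name a class or callable
    (the mechanism behind pickle CWE-502 RCE). Plain containers and scalars load."""
    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")

def restricted_loads(body: bytes):
    """Stop-gap while the wire format cannot change; prefer JSON below."""
    return RestrictedUnpickler(io.BytesIO(body)).load()

def parse_reward_request(body: bytes) -> dict:
    """Preferred replacement: JSON plus an explicit schema check, so only
    plain data with the expected keys and types reaches the service."""
    data = json.loads(body.decode("utf-8"))
    if not isinstance(data, dict) or set(data) != ALLOWED_KEYS:
        raise ValueError("unexpected request structure")
    prompts, scores = data["prompts"], data["scores"]
    if not all(isinstance(p, str) for p in prompts):
        raise ValueError("prompts must be strings")
    if not all(type(s) in (int, float) for s in scores):
        raise ValueError("scores must be numeric")
    if len(prompts) != len(scores):
        raise ValueError("prompts and scores differ in length")
    return data

def demo() -> dict:
    """Runs the decoders over constructed sample bodies and returns outcomes."""
    plain = pickle.dumps({"prompts": ["a cat"], "scores": [0.75]})
    # OrderedDict pickles with a GLOBAL reference: harmless, but it must be refused.
    with_global = pickle.dumps(collections.OrderedDict(scores=[0.75]))
    out = {"flagged": looks_like_pickle(plain), "plain": restricted_loads(plain)}
    try:
        restricted_loads(with_global)
        out["global"] = "accepted"
    except pickle.UnpicklingError:
        out["global"] = "rejected"
    out["json"] = parse_reward_request(b'{"prompts": ["a cat"], "scores": [0.75]}')
    return out
```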


Advisories

No advisories yet.

History

Thu, 19 Mar 2026 16:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 09:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Beijing Academy Of Artificial Intelligence; Beijing Academy Of Artificial Intelligence omnigen2-rl

Type: Vendors & Products
Values Removed: (none)
Values Added: Beijing Academy Of Artificial Intelligence; Beijing Academy Of Artificial Intelligence omnigen2-rl

Wed, 18 Mar 2026 21:00:00 +0000

Values Removed: (none)
Values Added:
  Description: OmniGen2-RL contains an unauthenticated remote code execution vulnerability in the reward server component that allows remote attackers to execute arbitrary commands by sending malicious HTTP POST requests. Attackers can exploit insecure pickle deserialization of request bodies to achieve code execution on the host system running the exposed service.
  Title: OmniGen2-RL Reward Server Unsafe Deserialization RCE
  Weaknesses: CWE-502
  References:
  Metrics: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
           cvssV4_0 {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-19T15:43:28.187Z

Reserved: 2026-02-06T19:12:03.464Z

Link: CVE-2026-25873

Vulnrichment

Updated: 2026-03-19T15:43:22.359Z

NVD

Status : Awaiting Analysis

Published: 2026-03-18T21:16:25.220

Modified: 2026-03-19T13:25:00.570

Link: CVE-2026-25873

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T11:52:12Z

Weaknesses