CVE-2026-25873 OmniGen2-RL Reward Server Unsafe Deserialization RCE

OmniGen2-RL contains an unauthenticated remote code execution vulnerability in the reward server component that allows remote attackers to execute arbitrary commands by sending malicious HTTP POST requests. Attackers can exploit insecure pickle deserialization of request bodies to achieve code...

CVE-2026-25873

OmniGen2-RL contains an unauthenticated remote code execution vulnerability in the reward server component that allows remote attackers to execute arbitrary commands by sending malicious HTTP POST requests. Attackers can exploit insecure pickle deserialization of request bodies to achieve code...

CVE-2026-25873 OmniGen2-RL Reward Server Unsafe Deserialization RCE

OmniGen2-RL contains an unauthenticated remote code execution vulnerability in the reward server component that allows remote attackers to execute arbitrary commands by sending malicious HTTP POST requests. Attackers can exploit insecure pickle deserialization of request bodies to achieve code...

CVE-2026-25873

The CVE-2026-25873 entry concerns OmniGen2-RL, specifically the reward-server component. The vulnerability is an unauthenticated remote code execution via insecure pickle deserialization of HTTP POST request bodies, enabling an attacker to execute arbitrary commands on the host running the expose...

PT-2026-26152

OmniGen2-RL contains an unauthenticated remote code execution vulnerability in the reward server component that allows remote attackers to execute arbitrary commands by sending malicious HTTP POST requests. Attackers can exploit insecure pickle deserialization of request bodies to achieve code...

OmniGen2 代码问题漏洞

OmniGen2 is a model for command-driven image editing, open-sourced by VectorSpaceLab. OmniGen2 has a code vulnerability that stems from insecure pickle deserialization in the reward server component, which may lead to remote code execution...