CVE-2026-25873 - OmniGen2-RL - Remote Code Execution

Overview

OmniGen2-RL contains a remote code execution caused by insecure pickle deserialization in the reward server component, letting unauthenticated remote attackers execute arbitrary commands via malicious HTTP POST requests.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Unauthenticated remote attackers can execute arbitrary commands, potentially leading to full system compromise.

Mitigation

Update to the latest version with secure deserialization fixes.

References

Social Media Activity(2 posts)

TheHackerWire

@thehackerwire

Mar 18, 2026

🔴 CVE-2026-25873 - Critical (9.8) OmniGen2-RL contains an unauthenticated remote code execution vulnerability in the reward server component that allows remote attackers to execute arbitrary commands by sending malicious HTTP POST requests. Attackers can exploit insecure pickle de... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25873/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

TheHackerWire

@thehackerwire

Mar 18, 2026

🔴 CVE-2026-25873 - Critical (9.8) OmniGen2-RL contains an unauthenticated remote code execution vulnerability in the reward server component that allows remote attackers to execute arbitrary commands by sending malicious HTTP POST requests. Attackers can exploit insecure pickle de... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25873/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

CVE-2026-25873 - Vulnerability Analysis

Overview

Severity & Score

Impact

Mitigation

References

Social Media Activity(2 posts)

Related Resources

Details

CWE

CVSS Metrics

EPSS Score