CVE-2026-25873 in OmniGen2-RL
Summary
by MITRE • 03/18/2026
OmniGen2-RL contains an unauthenticated remote code execution vulnerability in the reward server component that allows remote attackers to execute arbitrary commands by sending malicious HTTP POST requests. Attackers can exploit insecure pickle deserialization of request bodies to achieve code execution on the host system running the exposed service.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 03/23/2026
The vulnerability identified as CVE-2026-25873 represents a critical security flaw within the OmniGen2-RL system's reward server component that exposes organizations to significant remote code execution risks. This vulnerability stems from the improper handling of HTTP POST requests in the server's API endpoints, creating an attack surface that adversaries can exploit without requiring authentication credentials. The flaw specifically manifests in the server's processing of request bodies through insecure pickle deserialization mechanisms, which fundamentally undermines the system's security posture and creates a direct pathway for malicious actors to gain unauthorized control over the host system.
The technical implementation of this vulnerability leverages the Python pickle module's deserialization capabilities, which are inherently dangerous when processing untrusted input from remote sources. When the reward server receives HTTP POST requests containing maliciously crafted pickle data, the system attempts to deserialize this content without proper validation or sanitization, allowing attackers to inject arbitrary Python code that executes within the server's runtime environment. This deserialization flaw aligns with CWE-502, which specifically addresses unsafe deserialization vulnerabilities that can lead to remote code execution through object reconstruction attacks. The vulnerability's exploitation requires only basic HTTP request capabilities and does not demand advanced technical skills or specialized tools, making it particularly dangerous for widespread abuse.
The operational impact of this vulnerability extends beyond simple code execution, as it provides attackers with complete control over the affected server and its underlying resources. Successful exploitation enables adversaries to install backdoors, exfiltrate sensitive data, modify system configurations, and potentially use the compromised system as a launch point for further attacks within the network infrastructure. The unauthenticated nature of this vulnerability means that any external party can exploit it without prior access credentials, creating an immediate and severe threat to system integrity. From an attack lifecycle perspective, this vulnerability maps directly to the execution phase of the kill chain, where attackers transition from initial access to system compromise. The ATT&CK framework categorizes this as a remote code execution technique that can be achieved through insecure deserialization, representing a common vector for advanced persistent threats.
Organizations utilizing OmniGen2-RL systems must implement immediate mitigations to address this vulnerability, including disabling or restricting the affected API endpoints until proper security measures are implemented. The most effective remediation approach involves eliminating pickle deserialization for untrusted input entirely and replacing it with safer serialization formats such as JSON or XML. Network segmentation and firewall rules should be configured to restrict access to the reward server component, limiting exposure to trusted internal networks only. Additionally, implementing proper input validation, content type checking, and request body sanitization can significantly reduce the attack surface. Regular security assessments and penetration testing should be conducted to identify similar vulnerabilities in other components of the system architecture, as this flaw demonstrates the importance of secure coding practices and proper input handling in preventing remote code execution attacks. The vulnerability also highlights the necessity of implementing application-level firewalls and web application security controls to detect and prevent malicious requests before they can be processed by vulnerable components.