CVE-2026-25873 — OmniGen2-RL contains an unauthenticated remote code execution vulnerability in the reward server component that allows remote attackers to execute arbitrary commands by sending malicious HTTP POST req — CVE Database · The Intelligence Room