Critical NVIDIA Vulnerabilities Enable RCE and DoS Attacks

NVIDIA has released its March 2026 security bulletins, warning of multiple vulnerabilities across its AI and infrastructure products that could allow remote code execution (RCE) and denial-of-service (DoS) attacks.

The disclosure highlights growing risks in machine learning environments, where widely used frameworks and inference tools are increasingly becoming high-value targets for attackers.

The most critical issue affects NVIDIA Apex, a performance optimization library commonly used in deep learning workflows.

Tracked under bulletin 5782 and assigned CVE-2025-33244, this flaw could allow attackers to execute arbitrary code on vulnerable systems.

Given Apex’s role in accelerating training processes, exploitation could compromise entire AI pipelines, especially in enterprise and research environments.

In addition to Apex, several high-severity vulnerabilities were identified across NVIDIA’s AI ecosystem, including Triton Inference Server, Model Optimizer, NeMo Framework, and Megatron LM.

These components are widely deployed in production AI environments for model serving, optimization, and large-scale language model training.

Successful exploitation could lead to service disruption, unauthorized access, or manipulation of AI workloads.

Medium-severity flaws were also patched in NVIDIA VIRTIO-Net, SNAP4, and B300 MCU products. While less severe, these vulnerabilities could still be leveraged in chained attacks or to degrade system performance.

NVIDIA emphasized that threat actors could exploit these vulnerabilities to crash services or execute malicious code, making timely patching critical.

The company strongly advises organizations to assess their exposure and apply updates immediately.

A key development in NVIDIA’s security strategy is the modernization of its advisory distribution. Since October 2025, the NVIDIA Product Security Incident Response Team (PSIRT) has been publishing bulletins via a dedicated GitHub repository.

This approach allows both human-readable and machine-readable formats, including Markdown and CSAF, enabling automated vulnerability management and faster integration into security tools.

The company continues to support Coordinated Vulnerability Disclosure (CVD), encouraging researchers to report flaws privately before public release.

This helps reduce the risk of zero-day exploitation and ensures patches are available when vulnerabilities are disclosed.

Security teams are urged to subscribe to NVIDIA’s advisory notifications and prioritize updates for affected drivers and frameworks.

In AI-driven environments, unpatched vulnerabilities can have cascading effects, especially where automated pipelines and shared infrastructure are involved.

Below is a summary of the March 2026 NVIDIA security bulletins:

Product	Bulletin ID	Severity	CVE Identifier(s)	Publish Date
NVIDIA VIRTIO-Net, SNAP4	5744	Medium	CVE-2025-33215, CVE-2025-33216	24 Mar 2026
NVIDIA Apex	5782	Critical	CVE-2025-33244	24 Mar 2026
NVIDIA B300 MCU	5768	Medium	CVE-2025-33242	24 Mar 2026
NVIDIA Triton Inference Server	5790	High	CVE-2025-33238, CVE-2025-33254, CVE-2026-24158	24 Mar 2026
NVIDIA Model Optimizer	5798	High	CVE-2026-24141	24 Mar 2026
NVIDIA NeMo Framework	5800	High	CVE-2026-24157, CVE-2026-24159	24 Mar 2026
NVIDIA Megatron LM	5769	High	CVE-2025-33247, CVE-2025-33248, CVE-2026-24152, CVE-2026-24151, CVE-2026-24150	24 Mar 2026

As AI adoption accelerates, these vulnerabilities highlight the importance of securing not just infrastructure, but also the software frameworks powering modern machine learning systems.

Organizations running NVIDIA-based workloads should treat this update cycle as a high priority to prevent potential compromise.

Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google

The post Critical NVIDIA Vulnerabilities Enable RCE and DoS Attacks appeared first on Cyber Security News.