The latest advisories highlight severe flaws that could enable attackers to execute arbitrary code, trigger denial-of-service (DoS) conditions, or escalate privileges within compromised systems.
Organizations utilizing NVIDIA’s AI frameworks are strongly urged to review and patch their environments immediately.
The most alarming issue in this patch cycle affects NVIDIA Apex, a popular PyTorch extension for mixed-precision and distributed AI training.
Tracked as CVE-2025-33244, this critical-severity vulnerability requires immediate administrative action.
While specific technical exploit paths remain restricted to prevent active abuse, flaws of this severity in AI training environments often pave the way for remote code execution.
Attackers exploiting this could potentially hijack training workloads, steal proprietary AI models, or pivot deeper into enterprise networks.
NVIDIA addressed several high-severity vulnerabilities across its core AI tools, including Triton Inference Server, Megatron LM, NeMo Framework, and Model Optimizer.
Megatron LM faces multiple flaws that could disrupt large-language-model deployments or expose sensitive training data.
Similarly, Triton Inference Server users must patch against CVE-2025-33238 and related vulnerabilities to prevent potential disruptions and unauthorized access to AI model inference pipelines.
The table below lists affected products, severity levels, and CVE IDs from the March 24, 2026, update, enabling security teams to process them more efficiently than before.
| Product | Severity | CVE Identifiers |
|---|---|---|
| NVIDIA Apex | Critical | CVE-2025-33244 |
| Triton Inference Server | High | CVE-2025-33238, CVE-2025-33254, CVE-2026-24158 |
| Model Optimizer | High | CVE-2026-24141 |
| NeMo Framework | High | CVE-2026-24157, CVE-2026-24159 |
| Megatron LM | High | CVE-2025-33247, CVE-2025-33248, CVE-2026-24152, CVE-2026-24151, CVE-2026-24150 |
| VIRTIO-Net, SNAP4 | Medium | CVE-2025-33215, CVE-2025-33216 |
| B300 MCU | Medium | CVE-2025-33242 |
Following an initiative launched late last year, the NVIDIA Product Security Incident Response Team (PSIRT) now publishes these bulletins on GitHub alongside traditional web alerts.
The data is provided in Markdown and CSAF formats, enabling automated systems to quickly ingest CVE information for faster response.
Administrators should review the full NVIDIA Security Bulletins for March 2026 and apply the recommended software package updates without delay.
Organizations running affected AI frameworks, network components, and MCU hardware must prioritize these patches to defend their infrastructure against emerging remote access and DoS threats.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Critical NVIDIA Vulnerabilities Enables RCE and DoS Attacks appeared first on Cyber Security News.
Marvel Studios mastermind Kevin Feige has opened up about the decision to bring Robert Downey…
Project Hail Mary author Andy Weir has revealed his “only regret” about the movie, confirming…
Slay the Spire 2 developer Mega Crit has published a detailed roadmap for Slay the…
A new weekend has arrived, and today, you can save big on the 4K Movies,…
Resident Evil Requiem fans believe next month’s mysterious content update will add a new version…
Wrestlemania 42 is finally here, and I’m here in Las Vegas at Allegiant Stadium to…
This website uses cookies.