Critical March 2026 security updates have been released to fix multiple vulnerabilities across enterprise and AI software systems.
The latest advisories highlight severe flaws that could enable attackers to execute arbitrary code, trigger denial-of-service (DoS) conditions, or escalate privileges within compromised systems.
Organizations utilizing NVIDIA’s AI frameworks are strongly urged to review and patch their environments immediately.
The most alarming issue in this patch cycle affects NVIDIA Apex, a popular PyTorch extension for mixed-precision and distributed AI training.
High-Severity AI Infrastructure Risks
Tracked as CVE-2025-33244, this critical-severity vulnerability requires immediate administrative action.
While specific technical exploit paths remain restricted to prevent active abuse, flaws of this severity in AI training environments often pave the way for remote code execution.
Attackers exploiting this could potentially hijack training workloads, steal proprietary AI models, or pivot deeper into enterprise networks.
NVIDIA addressed several high-severity vulnerabilities across its core AI tools, including Triton Inference Server, Megatron LM, NeMo Framework, and Model Optimizer.
Megatron LM faces multiple flaws that could disrupt large-language-model deployments or expose sensitive training data.
Similarly, Triton Inference Server users must patch against CVE-2025-33238 and related vulnerabilities to prevent potential disruptions and unauthorized access to AI model inference pipelines.
March 2026 Vulnerability Summary
The table below lists affected products, severity levels, and CVE IDs from the March 24, 2026, update, enabling security teams to process them more efficiently than before.
| Product | Severity | CVE Identifiers |
|---|---|---|
| NVIDIA Apex | Critical | CVE-2025-33244 |
| Triton Inference Server | High | CVE-2025-33238, CVE-2025-33254, CVE-2026-24158 |
| Model Optimizer | High | CVE-2026-24141 |
| NeMo Framework | High | CVE-2026-24157, CVE-2026-24159 |
| Megatron LM | High | CVE-2025-33247, CVE-2025-33248, CVE-2026-24152, CVE-2026-24151, CVE-2026-24150 |
| VIRTIO-Net, SNAP4 | Medium | CVE-2025-33215, CVE-2025-33216 |
| B300 MCU | Medium | CVE-2025-33242 |
Following an initiative launched late last year, the NVIDIA Product Security Incident Response Team (PSIRT) now publishes these bulletins on GitHub alongside traditional web alerts.
The data is provided in Markdown and CSAF formats, enabling automated systems to quickly ingest CVE information for faster response.
Administrators should review the full NVIDIA Security Bulletins for March 2026 and apply the recommended software package updates without delay.
Organizations running affected AI frameworks, network components, and MCU hardware must prioritize these patches to defend their infrastructure against emerging remote access and DoS threats.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Critical NVIDIA Vulnerabilities Enables RCE and DoS Attacks appeared first on Cyber Security News.
