Advisory

NVIDIA Patches Multiple Flaws Including Critical RCE Vulnerability in Apex AI Optimization Library

Take action: If you're running NVIDIA AI tools like Apex, Triton, NeMo, or Megatron, check the March 2026 security bulletins and apply all available patches immediately — several of these flaws are high-severity and could let attackers take over your AI pipelines. Subscribe to NVIDIA's security advisories so you don't miss future updates, and prioritize patching any internet-facing or shared infrastructure components first.



NVIDIA has published its March 2026 security bulletins, patching multiple vulnerabilities across its artificial intelligence and infrastructure product lines that could enable remote code execution (RCE) and denial-of-service (DoS) attacks. 

Vulnerabilities summary:

  • CVE-2025-33244 (CVSS score 9.0) is classified as a deserialization of untrusted data vulnerability (CWE-502) affecting NVIDIA Apex for Linux. This flaw impacts environments running PyTorch versions earlier than 2.6. Successful exploitation could lead to arbitrary code execution, denial of service, escalation of privileges, data tampering, and information disclosure. Given Apex's central role in accelerating AI training processes, exploitation of this vulnerability could compromise entire AI pipelines, particularly in enterprise and research settings. NVIDIA has resolved this issue and recommends users clone or update NVIDIA Apex to include commit db8e053 or later, and ensure their environment uses PyTorch 2.6 or later.
  • CVE-2025-33238, CVE-2025-33254, CVE-2026-24158 — NVIDIA Triton Inference Server (Bulletin 5790, High severity), widely used for model serving and inference in production AI environments.
  • CVE-2026-24141 — NVIDIA Model Optimizer (Bulletin 5798, High severity), a tool used for optimizing deep learning models for deployment.
  • CVE-2026-24157, CVE-2026-24159 — NVIDIA NeMo Framework (Bulletin 5800, High severity), a framework commonly employed for large language model and speech AI development.
  • CVE-2025-33247, CVE-2025-33248, CVE-2026-24152, CVE-2026-24151, CVE-2026-24150 — NVIDIA Megatron LM (Bulletin 5769, High severity), a library used for large-scale language model training.
  • CVE-2025-33215, CVE-2025-33216 — NVIDIA VIRTIO-Net and SNAP4 (Bulletin 5744, Medium severity).
  • CVE-2025-33242 — NVIDIA B300 MCU (Bulletin 5768, Medium severity).

All bulletins were published on March 24, 2026. Successful exploitation of the high-severity flaws could result in service disruption, unauthorized access, or manipulation of AI workloads. While the medium-severity issues in VIRTIO-Net, SNAP4, and B300 MCU are less severe on their own, they could still be leveraged in chained attacks or to degrade system performance.

Security teams are strongly advised to subscribe to NVIDIA's advisory notifications and prioritize updates across all affected drivers and frameworks. In AI-driven environments where automated pipelines and shared infrastructure are the norm, unpatched vulnerabilities can have cascading and far-reaching consequences.
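A patch-state check for the two Apex remediation conditions above (commit db8e053 or later, PyTorch 2.6 or later), as an added example that is not NVIDIA's code. It assumes Apex was installed from a local git clone whose path you supply and that pre-release builds of PyTorch 2.6.0 count as below the minimum; the function names are hypothetical.

```python
import re
import subprocess
import sys

FIX_COMMIT = "db8e053"  # Apex commit named in the advisory
MIN_TORCH = (2, 6)      # minimum PyTorch release named in the advisory


def torch_meets_minimum(version, minimum=MIN_TORCH):
    """True if a torch.__version__ string is a release at or above `minimum`."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(.*)", version.strip())
    if not m:
        return False  # unparseable or missing version: fail closed
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    if (major, minor) != minimum:
        return (major, minor) > minimum
    # Assumption: a pre-release of x.y.0 (a0, rc1, .dev...) predates the release,
    # so it is reported as not meeting the minimum.
    prerelease = re.match(r"\.?(a|b|rc|dev)\d*", m.group(4)) is not None
    return not (patch == 0 and prerelease)


def apex_has_fix(repo_dir, fix_commit=FIX_COMMIT):
    """True if HEAD of the Apex clone at `repo_dir` contains `fix_commit`."""
    cmd = ["git", "-C", repo_dir, "merge-base", "--is-ancestor", fix_commit, "HEAD"]
    try:
        result = subprocess.run(cmd, capture_output=True, timeout=30)
    except (OSError, subprocess.TimeoutExpired):
        return False  # git missing or hung: cannot confirm the fix
    # Exit 0 = ancestor; 1 = not an ancestor; 128 = not a repo or commit unknown
    # (for example a shallow clone). Anything but 0 is reported as unpatched.
    return result.returncode == 0


def check(repo_dir, torch_version):
    """Evaluate both conditions the advisory gives for the Apex fix."""
    return {"apex_has_fix": apex_has_fix(repo_dir),
            "torch_ok": torch_meets_minimum(torch_version)}


if __name__ == "__main__":
    try:
        import torch
        installed = torch.__version__
    except ImportError:
        installed = ""
    status = check(sys.argv[1] if len(sys.argv) > 1 else ".", installed)
    print(status)
    sys.exit(0 if all(status.values()) else 1)
```

Run it inside the training environment with the path to the Apex clone as the only argument; a non-zero exit means at least one condition could not be confirmed.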
