Critical NVIDIA flaws hit Apex, Triton, NeMo, and Megatron-LM in March security update
NVIDIA has released March 2026 security bulletins for several enterprise and AI products, including Apex, Triton Inference Server, NeMo Framework, Megatron-LM, Model Optimizer, and B300 MCU firmware. The most severe issue is CVE-2025-33244 in NVIDIA Apex, which NVIDIA rates as critical with a CVSS score of 9.0 and says could lead to code execution, denial of service, privilege escalation, data tampering, and information disclosure.

This does not mean every affected product exposes a simple internet-facing remote code execution path. NVIDIA’s own bulletins show a mixed picture. Some issues in Megatron-LM, Model Optimizer, and NeMo involve unsafe deserialization or malicious files and inputs, while Triton’s March flaws center on denial of service. That distinction matters because it changes how defenders should assess exposure and patch urgency.

Organizations running NVIDIA AI stacks should patch quickly, especially if they use Apex in training environments or Triton in production inference pipelines. NVIDIA says customers should update to the fixed versions or commits listed in each bulletin and evaluate risk based on their own configuration.

Apex flaw is the most urgent issue

The biggest March advisory covers NVIDIA Apex for Linux. NVIDIA says CVE-2025-33244 is a deserialization of untrusted data bug that affects environments using PyTorch versions earlier than 2.6. The company says users should update Apex to code that includes commit db8e053 or later and ensure their environment uses PyTorch 2.6 or later.

That issue stands out because Apex is widely used in mixed-precision and distributed AI training. In practical terms, a bug that can enable code execution inside a training environment can expose models, datasets, credentials, and internal infrastructure if an attacker reaches the vulnerable workflow. That risk is an inference from NVIDIA’s stated impact categories and the role Apex plays in enterprise AI pipelines.

Triton, NeMo, and Megatron-LM also need attention

NVIDIA Triton Inference Server received fixes for three high-severity issues: CVE-2025-33238, CVE-2025-33254, and CVE-2026-24158. NVIDIA says all three may lead to denial of service, including one issue in the HTTP endpoint that can be triggered with a large compressed payload. The company recommends updating Triton Server to version 26.01 or later.

NeMo Framework also received March fixes. NVIDIA’s bulletin lists CVE-2026-24157 and CVE-2026-24159 and says affected versions prior to 2.6.2 should be updated to 2.6.2. NVIDIA says these flaws may allow remote code execution, along with privilege escalation, information disclosure, and data tampering.

Megatron-LM received a larger batch of fixes. NVIDIA lists CVE-2025-33247, CVE-2025-33248, CVE-2026-24150, CVE-2026-24151, and CVE-2026-24152, all rated high severity. The bulletin says these bugs can enable code execution through areas such as quantization configuration loading, hybrid conversion scripts, checkpoint loading, and inferencing when a user loads malicious input or files. NVIDIA recommends updating to Megatron-LM 0.15.3 or later.

Other affected NVIDIA products in the March batch

NVIDIA Model Optimizer also received a high-severity fix. The bulletin says CVE-2026-24141 affects versions before 0.41.0 and could allow unsafe deserialization through a specially crafted input file, leading to code execution, privilege escalation, data tampering, and information disclosure. NVIDIA says users should update to ModelOpt 0.41.0 or later.

On the hardware side, NVIDIA also published a March bulletin for the B300 MCU. NVIDIA says CVE-2025-33242 affects HGX and DGX B300 CX8 MCU versions up to 1.0 and may allow a malicious actor to modify unsupported registries, leading to denial of service and data tampering. The fixed version is B300 1.4.

March 2026 NVIDIA vulnerability summary

Product                 | Severity | CVEs                                                                              | NVIDIA fix guidance
------------------------|----------|-----------------------------------------------------------------------------------|------------------------------------------------------------
Apex                    | Critical | CVE-2025-33244                                                                    | Update to code including commit db8e053; use PyTorch 2.6+
Triton Inference Server | High     | CVE-2025-33238, CVE-2025-33254, CVE-2026-24158                                    | Update to 26.01+
NeMo Framework          | High     | CVE-2026-24157, CVE-2026-24159                                                    | Update to 2.6.2
Megatron-LM             | High     | CVE-2025-33247, CVE-2025-33248, CVE-2026-24150, CVE-2026-24151, CVE-2026-24152    | Update to 0.15.3+
Model Optimizer         | High     | CVE-2026-24141                                                                    | Update to 0.41.0+
B300 MCU                | Medium   | CVE-2025-33242                                                                    | Update firmware to B300 1.4

Source: NVIDIA security bulletins published March 24, 2026.

Why this patch cycle matters

  • Apex carries the only critical severity rating in this group.
  • Triton sits in production inference paths, so even DoS-only flaws can disrupt live AI services.
  • NeMo, Megatron-LM, and Model Optimizer bugs affect model development and training workflows, where malicious files or crafted inputs can become a realistic threat.
  • NVIDIA now publishes many bulletins on GitHub in Markdown, CSAF, and CVE formats, which should make enterprise vulnerability intake and automation easier.

What security teams should do now

  • Identify whether Apex, Triton, NeMo, Megatron-LM, Model Optimizer, or B300 MCU firmware run anywhere in your environment.
  • Prioritize Apex first because NVIDIA rates it critical.
  • Patch Triton quickly if it supports production inference workloads.
  • Audit model training and conversion workflows for untrusted files or user-supplied inputs.
  • Pull the latest bulletins from NVIDIA’s Product Security page or GitHub repository and feed them into your normal remediation process.
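As an added example (not from the article or from NVIDIA), here is a small Python intake step for the CSAF-format bulletins mentioned above: it takes a CSAF 2.0 document, resolves product IDs to names, and ranks CVEs by CVSS base score while tolerating advisories that omit score data. The sample document, its product IDs and tracking ID are constructed assumptions; only the CVE numbers, the 9.0 score and the fix text are taken from the article.

```python
import json

# Constructed sample in the CSAF 2.0 layout. CVEs, score and fix text are the March
# bulletin values quoted in the article; IDs, titles and product names are placeholders.
SAMPLE_CSAF = json.dumps({
    "document": {"title": "constructed sample", "tracking": {"id": "EXAMPLE-2026-03"}},
    "product_tree": {"branches": [{"category": "vendor", "name": "NVIDIA", "branches": [
        {"category": "product_name", "name": "Apex",
         "product": {"product_id": "CSAFPID-0001", "name": "NVIDIA Apex for Linux"}},
        {"category": "product_name", "name": "Triton",
         "product": {"product_id": "CSAFPID-0002", "name": "NVIDIA Triton Inference Server"}}]}]},
    "vulnerabilities": [
        {"cve": "CVE-2025-33244",
         "product_status": {"known_affected": ["CSAFPID-0001"]},
         "scores": [{"products": ["CSAFPID-0001"],
                     "cvss_v3": {"baseScore": 9.0, "baseSeverity": "CRITICAL"}}],
         "remediations": [{"category": "vendor_fix", "product_ids": ["CSAFPID-0001"],
                           "details": "Update to code including commit db8e053; use PyTorch 2.6+"}]},
        {"cve": "CVE-2026-24158",  # deliberately has no "scores": intake must cope with that
         "product_status": {"known_affected": ["CSAFPID-0002"]},
         "remediations": [{"category": "vendor_fix", "product_ids": ["CSAFPID-0002"],
                           "details": "Update to Triton Server 26.01 or later"}]}]})


def product_names(tree):
    """Map product_id -> display name from full_product_names and nested branches."""
    names = {p["product_id"]: p["name"] for p in tree.get("full_product_names", [])}
    stack = list(tree.get("branches", []))
    while stack:
        branch = stack.pop()
        if "product" in branch:
            names[branch["product"]["product_id"]] = branch["product"]["name"]
        stack.extend(branch.get("branches", []))
    return names


def prioritise(csaf_text):
    """One intake record per CVE, highest CVSS v3 base score first, unscored last."""
    doc = json.loads(csaf_text)
    names = product_names(doc.get("product_tree", {}))
    records = []
    for vuln in doc.get("vulnerabilities", []):
        affected = vuln.get("product_status", {}).get("known_affected", [])
        scores = [s["cvss_v3"]["baseScore"] for s in vuln.get("scores", []) if "cvss_v3" in s]
        fixes = [r["details"] for r in vuln.get("remediations", [])
                 if r.get("category") == "vendor_fix" and "details" in r]
        records.append({"cve": vuln.get("cve", "no CVE assigned"),
                        "score": max(scores) if scores else None,
                        "affected": [names.get(pid, pid) for pid in affected],
                        "fix": fixes[0] if fixes else "no vendor fix listed"})
    return sorted(records, key=lambda r: -1.0 if r["score"] is None else r["score"], reverse=True)
```

Feeding real bulletins through `prioritise` gives a list that can be pushed straight into a ticketing or remediation tracker, with unscored entries flagged for manual triage rather than silently dropped.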

FAQ

What is the most serious NVIDIA vulnerability in this March update?

CVE-2025-33244 in NVIDIA Apex. NVIDIA rates it critical with a CVSS score of 9.0.

Do all of these bugs allow remote code execution over the internet?

No. NVIDIA’s bulletins show a mix of impacts. Apex may lead to code execution, Triton’s listed March issues are denial-of-service bugs, and several Megatron-LM, NeMo, and Model Optimizer issues rely on malicious files or crafted inputs.

Which Triton version fixes the March issues?

NVIDIA says Triton Server 26.01 or later.

Which NeMo version fixes the March issues?

NVIDIA says NeMo Framework 2.6.2.

Where can admins track NVIDIA security bulletins?

On NVIDIA’s Product Security page and NVIDIA’s product-security GitHub repository.
