Multiple CVEs Discovered in NVIDIA Megatron and Other Products

Multiple CVEs Discovered in NVIDIA Megatron and Other Products

First seen 24 Mar 2026, 21:48 UTC Cvefeed 76% similarity 67.5

Article Content

Browse articles
ThreatCluster

On March 24, 2026, two critical vulnerabilities were published: CVE-2025-33248 and CVE-2026-33336. CVE-2025-33248 affects NVIDIA Megatron-LM, allowing remote code execution through a maliciously crafted file. This vulnerability can lead to code execution, privilege escalation, information disclosure, and data tampering. CVE-2026-33336 is associated with improper code generation control, but no specific affected products have been listed yet. Both vulnerabilities are currently unpatched, and no specific versions of affected products have been disclosed. The vulnerabilities are categorized under CWEs, with CVE-2025-33248 linked to CWE-502 and CVE-2026-33336 to CWE-94. Public exploits and proof-of-concept codes are being tracked for both vulnerabilities. The situation is evolving, and security professionals are advised to monitor developments closely.

Key Points: • CVE-2025-33248 allows RCE in NVIDIA Megatron-LM through malicious files. • CVE-2026-33336 involves code injection but lacks specific product details. • Both vulnerabilities are currently unpatched and pose significant risks.

ThreatCluster AI

Timeline

2026-03-24
CVE-2025-33248 published
2026-03-24
CVE-2026-33336 published

Community

Browse all →