CVE-2026-45829
Published 2026-05-18
Priority: P1 (82) · Critical · CVSS 3.1: 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS: 12.39% (95.7th percentile)
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in the /api/v2/tenants/{tenant}/databases/{db}/collections endpoint.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chroma | chromadb | 1.0.0 – * | — |
| chroma | chromadb | 1.0.0 – 1.5.9 | — |
| rhelai3 | bootc-cuda-rhel9 | — | — |
| rhelai3 | bootc-gaudi-rhel9 | — | — |
| rhelai3 | bootc-rocm-rhel9 | — | — |
| rhelai3 | disk-image-cuda-rhel9 | — | — |
Detection & IOCs (extracted from sources)
- Monitor for unauthenticated POST/PUT requests to the ChromaDB collections endpoint /api/v2/tenants/{tenant}/databases/{db}/collections containing 'trust_remote_code' set to true; this is the attack vector for the pre-auth code injection.
- The server returns an HTTP 500 response after the malicious payload has already executed; a 500 on this endpoint following a request with 'trust_remote_code' is a strong post-exploitation indicator.
- Use Shodan to identify internet-exposed ChromaDB instances; approximately 73% of exposed instances are running a vulnerable version.
- Only the Python FastAPI server is vulnerable; deployments using the Rust frontend are NOT affected by this CVE.
- Version 1.5.9 was released but it remains unconfirmed whether it patches CVE-2026-45829; do not assume that upgrading to 1.5.9 alone is sufficient mitigation.
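The two request-level indicators above (a POST/PUT to the collections endpoint whose body sets trust_remote_code to true, and an HTTP 500 following such a request) can be turned into a log filter. The script below is an added example, not code from the CVE record, HiddenLayer or the ChromaDB project. It assumes a reverse proxy in front of ChromaDB that writes one JSON object per request with the fields method, path, status, auth (whether an Authorization header was present) and body (the request body, which most proxies only record when body capture is explicitly enabled); the log lines and the nesting of trust_remote_code inside the body are constructed for the example, since the advisory does not state where the flag sits. The version helper applies only the affected range the advisory gives (1.0.0 or later, no confirmed fix).

```python
"""Flag requests matching the CVE-2026-45829 detection guidance.

Added example; assumes a JSON-per-line proxy log with the fields
method, path, status, auth and body (body capture must be enabled).
"""
import json
import re

# Collection endpoint named in the advisory; tenant and database are path parameters.
COLLECTIONS_PATH = re.compile(r"^/api/v2/tenants/[^/]+/databases/[^/]+/collections/?$")


def has_trust_remote_code(obj) -> bool:
    """Recursively look for a trust_remote_code == true anywhere in the body.

    The advisory does not say at which nesting level the flag appears, so
    every dict and list is walked instead of assuming a fixed key path.
    """
    if isinstance(obj, dict):
        for key, value in obj.items():
            if key == "trust_remote_code" and value is True:
                return True
            if has_trust_remote_code(value):
                return True
    elif isinstance(obj, list):
        return any(has_trust_remote_code(item) for item in obj)
    return False


def classify(entry: dict):
    """Return an alert dict for a suspicious request, or None for a benign one."""
    if entry.get("method") not in ("POST", "PUT"):
        return None
    if not COLLECTIONS_PATH.match(entry.get("path", "")):
        return None
    try:
        body = json.loads(entry.get("body") or "null")
    except json.JSONDecodeError:
        return None
    if not has_trust_remote_code(body):
        return None
    # Reaching the endpoint with the flag is the attack vector; a 500 after
    # the request is the advisory's post-exploitation indicator.
    severity = "post-exploitation-indicator" if entry.get("status") == 500 else "attempt"
    return {
        "severity": severity,
        "unauthenticated": not entry.get("auth", False),
        "path": entry["path"],
        "status": entry.get("status"),
    }


def scan(lines):
    """Run classify() over raw log lines, skipping anything that is not JSON."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        alert = classify(entry)
        if alert:
            alerts.append(alert)
    return alerts


def is_affected_version(version: str) -> bool:
    """True for chromadb 1.0.0 or later (the advisory's affected range).

    No fixed version is confirmed, so no upper bound is applied.
    """
    match = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not match:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in match.groups()) >= (1, 0, 0)


# Constructed sample log (not real traffic); built with json.dumps so the
# quoting inside the "body" field is always valid JSON.
_COLL = "/api/v2/tenants/default_tenant/databases/default_database/collections"
SAMPLE_ENTRIES = [
    {"method": "GET", "path": "/api/v2/heartbeat", "status": 200, "auth": False, "body": ""},
    {"method": "POST", "path": _COLL, "status": 200, "auth": True,
     "body": json.dumps({"name": "docs"})},
    {"method": "POST", "path": _COLL, "status": 500, "auth": False,
     "body": json.dumps({"name": "x", "metadata": {"trust_remote_code": True}})},
    {"method": "PUT", "path": "/api/v2/tenants/t1/databases/d1/collections", "status": 200,
     "auth": True, "body": json.dumps({"name": "y", "settings": [{"trust_remote_code": True}]})},
]
SAMPLE_LOG = "\n".join(json.dumps(e) for e in SAMPLE_ENTRIES)

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG.splitlines()):
        print(alert)
    print("chromadb 1.5.9 in affected range:", is_affected_version("1.5.9"))
```

On the constructed log the scanner raises two alerts: the unauthenticated POST that ended in a 500 (post-exploitation indicator) and the authenticated PUT (attempt). Because the detection depends on the request body, a proxy that logs only method, path and status can at best flag the 500s on this endpoint for manual review.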
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| nvd | 4.0 | 10.0 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vendor_redhat | — | 10.0 | CRITICAL | — |
GHSA
ChromaDB Python project has a pre-authentication code injection vulnerability
ghsa · 2026-05-18 · CVE-2026-45829 · CRITICAL · CWE-94
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in the /api/v2/tenants/{tenant}/databases/{db}/collections endpoint.
GHSA (unreviewed)
GHSA-f4j7-r4q5-qw2c: A pre-authentication, code injection vulnerability in version 1
ghsa_unreviewed · 2026-05-18 · CVE-2026-45829 · CRITICAL · CWE-94
Description identical to the GHSA advisory text above.
VulDB
Chroma ChromaDB up to 1.0.0 Model collections code injection (ID 6717)
vuldb · 2026-05-18 · CVSS 10.0 · CVE-2026-45829 · CRITICAL
A vulnerability described as critical has been identified in Chroma ChromaDB up to 1.0.0. This vulnerability affects unknown code of the file /api/v2/tenants/{tenant}/databases/{db}/collections of the component Model Handler. The manipulation results in code injection.
This vulnerability was named CVE-2026-45829. The attack may be performed from remote. There is no available exploit.
Red Hat
chromadb: ChromaDB Python Project: Arbitrary code execution via pre-authentication code injection
vendor_redhat · 2026-05-18 · CVSS 10.0 · CVE-2026-45829 · CRITICAL · CWE-502
A flaw was found in the ChromaDB Python project. This pre-authentication code injection vulnerability allows an unauthenticated attacker to execute arbitrary code on the server. The attacker can achieve this by sending a malicious model repository to the /api/v2/tenants/{tenant}/databases/{db}/collections endpoint, provided that trust_remote_code is set to true. This could lead to complete compromise of the affected system.
Package: rhelai3/bootc-cuda-rhel9 (Red Hat Enterprise Linux AI (RHEL AI) 3) - Not affected
Package: rhelai3/bootc-gaudi-rhel9 (Red Hat Enterprise Linux AI (RHEL AI) 3) - Not affected
Package: rhelai3/bootc-rocm-rhel9 (Red Hat Enterprise Linux AI (RHEL AI) 3) - Not affected
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-45829 chromadb: ChromaDB Python Project: Arbitrary code execution via pre-authentication code injection
bugzilla · 2026-05-18 · CVSS 10.0 · CRITICAL
Description identical to the GHSA advisory text above.
Hackernews
⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
blogs_hackernews · 2026-05-25 · CVE-2026-46333
Monday recap. Same mess, new week.
A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow needed protecting from themselves. A bunch of companies spent the week checking old boxes and forgotten servers they should've patched years ago. Good times.
Phishing crews are getting smarter too - less obvious scam junk, more targeted stuff that actually looks real. Meanwhile, botnets are grabbing anything exposed to the internet like it's free candy. The Internet's still a dumpster fire.
Let’s get into
Bleepingcomputer
Max-severity flaw in ChromaDB for AI apps allows server hijacking
blogs_bleepingcomputer · 2026-05-19 · CVSS 10.0 · CVE-2026-45829 · CRITICAL
By Bill Toulas
A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers.
The flaw is tracked as CVE-2026-45829 and was reported to ChromaDB on February 17. It received the maximum severity score from HiddenLayer, the company that discovered it.
ChromaDB is an open-source vector database and AI retrieval backend used in agentic AI and related applications. It enables retrieving semantically relevant documents during large-language model (LLM) inference.
The flaw affects the codebase containing the vulnerable Python API server logic, so the PyPI package, which has nearly 14 million monthly downloads, is at risk w
References
- https://github.com/chroma-core/chroma/issues/6717
- https://www.hiddenlayer.com/research/chromatoast-served-pre-auth
- https://access.redhat.com/security/cve/CVE-2026-45829
- https://bugzilla.redhat.com/show_bug.cgi?id=2479623
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45829.json