cvebase
CVE-2026-45833
Published 2026-06-12


Priority: P259 · Severity: high · CVSS 3.1 base score: 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.34% (26.1th percentile)
A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository with trust_remote_code set to true to the /api/v2/tenants/default_tenant/databases/default_database/collections/{collection_id} endpoint, provided they have the UPDATE_COLLECTION permission.

Affected (7 ranges)

Vendor     Product                  Version range    Fixed in
chroma     chromadb                 0.4.17 – *
rhelai3    bootc-cuda-rhel9
rhelai3    bootc-gaudi-rhel9
rhelai3    bootc-rocm-rhel9
rhelai3    disk-image-cuda-rhel9
rhoai      odh-autorag-rhel9
trychroma  chromadb                 0.4.17 – 1.5.9

Detection & IOCs (extracted from sources)

URL: /api/v2/tenants/default_tenant/databases/default_database/collections/{collection_id}
  • Monitor HTTP PATCH/PUT requests to the ChromaDB collections API endpoint containing 'trust_remote_code: true' in the request body, which is the trigger condition for arbitrary code execution.
  • Alert on any ChromaDB API request that sets trust_remote_code to true alongside a model repository parameter, as this combination enables remote code execution from attacker-controlled HuggingFace model repositories.
  • Restrict detection scope to authenticated sessions with UPDATE_COLLECTION permission; unauthenticated requests cannot reach the vulnerable code path.
  • Scope detection to ChromaDB version 0.4.17 and later; earlier versions are not affected.
  • RHOAI and RHEL AI deployments are only reachable via this attack path if the Chroma FastAPI server is explicitly exposed to untrusted users; default architectures do not expose it.
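The trigger conditions in the bullets above, turned into detection logic as an added example (this code is not part of this record or of the ChromaDB project): it scans constructed JSON request-log lines for PATCH/PUT writes to the collections endpoint whose body sets trust_remote_code to true, raises the severity when a model/repository field accompanies it, and drops unauthenticated requests as out of scope. The log schema (user, method, path, body), the body field names such as new_metadata and model_repo, the key-name heuristic used to spot a model repository parameter, and the has_update_permission hook are all assumptions, not ChromaDB's actual request schema.

```python
"""Flag ChromaDB collection updates that enable trust_remote_code (added example)."""
import json
import re

# Endpoint named in the record; {collection_id} is matched as a single path segment.
COLLECTION_BASE = "/api/v2/tenants/default_tenant/databases/default_database/collections/"
COLLECTION_PATH = re.compile("^" + re.escape(COLLECTION_BASE) + r"[^/]+/?$")
WRITE_METHODS = {"PATCH", "PUT"}


def walk_pairs(obj):
    """Yield (key, value) pairs from every dict nested anywhere inside obj."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield key, value
            yield from walk_pairs(value)
    elif isinstance(obj, list):
        for item in obj:
            yield from walk_pairs(item)


def is_true(value):
    """JSON true, or a string spelling of it, counts as enabled."""
    return value is True or (isinstance(value, str) and value.strip().lower() in {"true", "1"})


def classify(entry, has_update_permission=lambda user: True):
    """Return a finding for one log entry, or None when it is benign or out of scope.

    `entry` is a dict with method, path, user and body (assumed log schema).
    `has_update_permission` is a hook for the deployment's RBAC lookup; the
    default assumes every authenticated user holds UPDATE_COLLECTION.
    """
    if str(entry.get("method") or "").upper() not in WRITE_METHODS:
        return None
    if not COLLECTION_PATH.match(entry.get("path") or ""):
        return None
    user = entry.get("user")
    if not user or not has_update_permission(user):
        return None  # cannot reach the vulnerable code path
    body = entry.get("body")
    if isinstance(body, str):
        try:
            body = json.loads(body)
        except ValueError:
            return None
    pairs = list(walk_pairs(body))
    if not any(k == "trust_remote_code" and is_true(v) for k, v in pairs):
        return None
    # A string-valued key that looks like a model/repository source raises the severity
    # (assumed naming heuristic; adapt it to the real request schema).
    repo_keys = sorted(k for k, v in pairs if isinstance(v, str) and re.search(r"model|repo", k, re.I))
    reason = "trust_remote_code=true on collection update"
    if repo_keys:
        reason += " with model source field(s) %s" % repo_keys
    return {
        "user": user,
        "method": str(entry["method"]).upper(),
        "path": entry["path"],
        "severity": "high" if repo_keys else "medium",
        "reason": reason,
    }


def scan(log_lines, **kwargs):
    """Parse JSON log lines (one entry per line) and return all findings."""
    findings = []
    for line in log_lines:
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # malformed line; skip rather than crash the scan
        finding = classify(entry, **kwargs)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample log: one benign update, one flagged with a model source field,
# one unauthenticated (out of scope), one read, one string-body write, one other endpoint.
SAMPLE_LOG = [
    json.dumps({"user": "alice", "method": "PATCH", "path": COLLECTION_BASE + "c1",
                "body": {"new_metadata": {"description": "routine rename"}}}),
    json.dumps({"user": "bob", "method": "PATCH", "path": COLLECTION_BASE + "c1",
                "body": {"new_metadata": {"embedding_function": {
                    "model_repo": "constructed-org/constructed-model",
                    "trust_remote_code": True}}}}),
    json.dumps({"user": None, "method": "PATCH", "path": COLLECTION_BASE + "c1",
                "body": {"trust_remote_code": True}}),
    json.dumps({"user": "carol", "method": "GET", "path": COLLECTION_BASE + "c1"}),
    json.dumps({"user": "dave", "method": "PUT", "path": COLLECTION_BASE + "c2",
                "body": "{\"trust_remote_code\": \"true\"}"}),
    json.dumps({"user": "erin", "method": "PATCH", "path": "/api/v2/heartbeat",
                "body": {"trust_remote_code": True}}),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(json.dumps(finding))
```

Running the block prints two findings: bob's PATCH at high severity (trust_remote_code plus a model source field) and dave's PUT at medium (trust_remote_code alone, sent as a string body). The unauthenticated request, the GET, the benign update and the request to a different endpoint produce nothing, matching the scoping rules in the bullets.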

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.1     8.8    HIGH      CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd            v4.0     9.4    CRITICAL  CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vendor_redhat           9.4    CRITICAL