
ChromaDB CVE-2026-45830

EUVD-2026-36461 · HIGH
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-06-12 · HiddenLayer · GHSA-2wm9-hf6c-p5cr
8.8 · CVSS 4.0 · Vendor: HiddenLayer

Severity by source

Vendor (HiddenLayer), primary source: 8.8 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI: 9.6 CRITICAL

Network API with any valid low-privileged tenant credential (PR:L), no user interaction, scope changes to other tenants (S:C) with high C/I impact on their data; availability not affected.

CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
CVSS 4.0: AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Primary rating from Vendor (HiddenLayer).

CVSS Vector (Vendor: HiddenLayer)

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X (not defined; CVSS 4.0 has no Scope metric and expresses downstream impact through the SC/SI/SA subsequent-system metrics instead)

Lifecycle Timeline

1. Analysis generated: Jun 12, 2026, 16:18 (vuln.today)

Description (CVE.org)

A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated user to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to.

Analysis (AI)

Cross-tenant data access in ChromaDB Python project version 0.4.17 and later allows any authenticated user to read, write, update, or delete data in collections belonging to other tenants, breaking the tenant isolation boundary that multi-tenant deployments rely on. The flaw, reported by HiddenLayer and tracked under CWE-639, carries a CVSS 4.0 score of 8.8 reflecting high confidentiality and integrity impact on both the vulnerable system and downstream tenants. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Obtain low-privileged ChromaDB credential
Delivery: Enumerate other tenant or collection IDs
Exploit: Send API call referencing victim tenant
Execution: Bypass missing authorization check
Persist: Read or overwrite victim embeddings
Impact: Exfiltrate data or poison RAG context

Vulnerability Assessment (AI)

Exploitation: Requires a valid low-privileged authenticated session on a ChromaDB Python instance running version 0.4.17 or later, deployed in multi-tenant mode with more than one tenant configured. The attacker must know or guess the target tenant or collection identifier, but no admin role, user interaction, or special client is needed. …

Risk Assessment: The CVSS 4.0 vector AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N describes a network-reachable, low-complexity bug that requires only a valid low-privileged credential and no user interaction, with high confidentiality and integrity impact on both the vulnerable server and the subsequent systems of other tenants; availability is unaffected because the bug enables data manipulation rather than crashes. …

Exploit Scenario: An attacker registers or compromises a low-privileged account on a multi-tenant ChromaDB-backed RAG or AI agent platform, authenticates to the ChromaDB API, then issues read or write API calls naming a collection or tenant identifier belonging to a different customer. Because authorization is not validated against the caller's tenant, the server returns the victim tenant's embeddings (often raw document chunks containing proprietary text) and accepts destructive writes or deletes, enabling data theft, prompt-injection seeding, or denial of service against the victim tenant's AI features.

Remediation: No vendor-released patch was identified at the time of analysis from the available data. Consult the HiddenLayer advisory at https://www.hiddenlayer.com/sai-security-advisory/2026-06-chromadb and the Chroma project release notes for the fixed version once published, then upgrade ChromaDB Python to that release. …
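The missing check described above, as an added Python illustration that is not ChromaDB's code: it assumes an in-memory store keyed tenant -> collection -> document chunks and the names Principal, Request, handle_vulnerable and handle_fixed. The vulnerable handler uses the tenant key supplied in the request as-is (CWE-639); the fixed handler binds every operation to the tenant established at authentication and writes an audit line for each refusal so cross-tenant attempts can be detected.

```python
"""Tenant-bound authorization for collection operations: added illustration, not
ChromaDB's code, showing the CWE-639 pattern the advisory describes beside the fix."""
from dataclasses import dataclass
AUDIT = []  # one line per denied cross-tenant attempt, to forward to the SIEM

class AuthorizationError(Exception):
    """Request names a tenant other than the caller's."""
@dataclass(frozen=True)
class Principal:
    user: str
    tenant: str  # set when the credential was validated, never from the request

@dataclass(frozen=True)
class Request:
    tenant: str  # user-controlled key: path or body parameter
    collection: str
    op: str  # "read", "write" or "delete"
    payload: str = ""

def _apply(store, req):
    """Data operation on store[tenant][collection]; deliberately no authorization."""
    tenant = store[req.tenant]
    if req.op == "read":
        return list(tenant[req.collection])
    if req.op == "write":
        tenant.setdefault(req.collection, []).append(req.payload)
        return list(tenant[req.collection])
    if req.op == "delete":
        return tenant.pop(req.collection, [])
    raise ValueError(f"unknown op {req.op!r}")

def handle_vulnerable(store, caller, req):
    """CWE-639: req.tenant is the lookup key and is never compared with caller.tenant."""
    return _apply(store, req)

def handle_fixed(store, caller, req):
    """Refuse and log any request whose tenant differs from the caller's."""
    if req.tenant != caller.tenant:
        AUDIT.append(f"DENY user={caller.user} caller_tenant={caller.tenant} "
                     f"requested_tenant={req.tenant} op={req.op} collection={req.collection}")
        raise AuthorizationError("tenant mismatch")
    return _apply(store, req)

def is_denied(store, caller, req):
    try:
        handle_fixed(store, caller, req)
        return False
    except AuthorizationError:
        return True
```

The constructed store in the checks holds two tenants with one collection each; a caller authenticated to one tenant reads the other's chunks through handle_vulnerable, is refused by handle_fixed, and leaves an audit line naming both tenants.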

Recommended Action (AI)

Within 24 hours: Determine if ChromaDB version 0.4.17 or later is deployed in multi-tenant production. …
