
ChromaDB CVE-2026-45831 | EUVD-2026-36482 | HIGH
Incorrect Authorization (CWE-863)
2026-06-12 · HiddenLayer · GHSA-xph7-9rjv-w5fr
8.8 (CVSS 4.0) · Vendor: HiddenLayer

Severity by source

Vendor (HiddenLayer) PRIMARY
8.8 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
9.6 CRITICAL

Network-reachable API, low-privileged tenant account required (PR:L), no user interaction; scope change to other tenants (S:C) with high confidentiality/integrity impact and no availability effect.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
4.0 AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Primary rating from Vendor (HiddenLayer).

CVSS Vector (Vendor: HiddenLayer)

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

1. Analysis Generated: Jun 12, 2026 - 16:25 (vuln.today)

Description (CVE.org)

The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, database, or collection that permission applies to, allowing users to perform cross-tenant actions.

Analysis (AI)

Cross-tenant authorization bypass in ChromaDB's SimpleRBACAuthorizationProvider (versions 0.5.0 and later) allows authenticated users to perform actions against tenants, databases, and collections they do not own. The provider verifies that a user holds a given permission but never validates the scope of that permission against the target resource, enabling lateral movement across multi-tenant deployments. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Obtain low-privileged tenant credentials
  • Delivery: Enumerate or guess foreign tenant/collection IDs
  • Exploit: Issue API request scoped to victim tenant
  • Execution: SimpleRBAC checks permission name without scope
  • Persist: Action authorized against foreign tenant
  • Impact: Exfiltrate or modify cross-tenant vector data

Vulnerability Assessment (AI)

Exploitation: Exploitation requires that the target Chroma deployment is running version 0.5.0 or later AND has explicitly configured the SimpleRBACAuthorizationProvider as its authorization provider (consistent with CVSS 4.0 AT:P) AND that the attacker already possesses valid low-privileged credentials within at least one tenant (PR:L). … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: Vendor CVSS 4.0 of 8.8 (AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N) is consistent with a network-reachable authenticated cross-tenant flaw that breaks isolation between subsequent systems (other tenants), which justifies the SC:H/SI:H subsequent-system impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker with low-privileged credentials in Tenant A (for example, a developer account with read access to one collection) issues an API call referencing a collection in Tenant B; the SimpleRBACAuthorizationProvider confirms the user holds the relevant permission name and allows the action without checking that the target resource belongs to Tenant A, returning embeddings, metadata, or write access from the victim tenant. Repeated against well-known tenant/collection IDs (or enumerated via other endpoints), this enables full read/modify of every other tenant's vector store from a single low-privileged foothold.

Remediation: No vendor-released patch identified at time of analysis; the only reference is the HiddenLayer advisory at https://www.hiddenlayer.com/sai-security-advisory/2026-06-chromadb-3, which security teams should monitor for an upstream fix tag. … Detailed patch versions, workarounds, and compensating controls in full report.
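To make the defect class concrete, the following is an added, constructed toy model (not ChromaDB's SimpleRBACAuthorizationProvider or any of its code) that contrasts a permission-name-only check with one that binds every grant to a tenant/database/collection scope; the user names, action names and policy are assumed for illustration only.

```python
"""Constructed toy model: name-only vs. scope-bound permission checks.
Not ChromaDB code; the policy, users and action names are made up."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Resource:
    """A scope or a request target. None at a level means 'every item at that level'."""
    tenant: str
    database: Optional[str] = None
    collection: Optional[str] = None

    def covers(self, target: "Resource") -> bool:
        # A grant scope covers a target only when every level it names matches the
        # target; a level left as None in the grant matches anything beneath it.
        return (self.tenant == target.tenant
                and self.database in (None, target.database)
                and self.collection in (None, target.collection))


@dataclass(frozen=True)
class Grant:
    action: str
    scope: Resource


# Constructed sample policy: alice may read one collection in tenant_a,
# bob may read every collection anywhere in tenant_b.
POLICY = {
    "alice": [Grant("collection:get", Resource("tenant_a", "db1", "docs"))],
    "bob": [Grant("collection:get", Resource("tenant_b"))],
}


def authorize_name_only(user: str, action: str, target: Resource) -> bool:
    # Flawed pattern: only asks "does this user hold the permission name?"
    # The target resource is ignored, so a grant in one tenant works in all of them.
    return any(g.action == action for g in POLICY.get(user, []))


def authorize_scoped(user: str, action: str, target: Resource) -> bool:
    # Hardened pattern: the grant must name the action AND cover the target.
    return any(g.action == action and g.scope.covers(target)
               for g in POLICY.get(user, []))


if __name__ == "__main__":
    foreign = Resource("tenant_b", "db1", "docs")
    print(authorize_name_only("alice", "collection:get", foreign))  # True (cross-tenant)
    print(authorize_scoped("alice", "collection:get", foreign))     # False
```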

Recommended Action (AI)

Within 24 hours: Inventory all ChromaDB deployments, document versions in use, and confirm whether SimpleRBACAuthorizationProvider is active for multi-tenant isolation. …




CVE-2026-45831 vulnerability details – vuln.today