
ChromaDB CVE-2026-45832

EUVD-2026-36483 · HIGH
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-06-12 · HiddenLayer · GHSA-x97m-f58v-9cwg
8.8 (CVSS 4.0) · Vendor: HiddenLayer

Severity by source

Vendor (HiddenLayer), primary: 8.8 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

vuln.today AI: 9.6 CRITICAL

Remote API call with valid low-priv credentials (PR:L), no UI, scope-changed because authz boundary across tenants is broken; high C/I on other tenants' data, no availability impact.

CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
CVSS 4.0: AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Primary rating from Vendor (HiddenLayer).

CVSS Vector (Vendor: HiddenLayer)

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X (not defined)

Lifecycle Timeline

1. Analysis Generated: Jun 12, 2026 - 16:27 (vuln.today)

Description (CVE.org)

All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints.

Analysis (AI)

Authorization bypass in ChromaDB's Python implementation lets authenticated tenants reach data outside their authorization boundary by invoking the V1 collection-level REST endpoints, which forward None as both the tenant and database identifiers to the authorization layer. The flaw, disclosed by HiddenLayer, exposes high-impact reads and writes to cross-tenant collections in this Python vector database. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Obtain low-privilege ChromaDB API credentials
  • Delivery: Identify exposed V1 collection endpoints
  • Exploit: Send V1 request targeting another tenant's collection ID
  • Execution: Authorization layer evaluates None tenant/database and permits call
  • Impact: Read or modify cross-tenant embeddings and metadata

Vulnerability Assessment (AI)

Exploitation: Exploitation requires that the target deployment (1) exposes ChromaDB's legacy V1 REST collection endpoints, (2) has Chroma's authorization layer enabled (otherwise there is nothing to bypass), and (3) is configured in a multi-tenant or multi-database mode where there are other tenants/databases worth reaching. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS 4.0 vector AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N (8.8) is internally consistent with the description: a remote, low-privilege caller can pivot across tenants with high impact to the confidentiality and integrity of subsequent systems (other tenants' collections), but no availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An authenticated low-privilege user of a multi-tenant ChromaDB deployment crafts an HTTP request to a V1 collection-level endpoint (for example, listing or modifying a collection) and supplies the target collection identifier of a different tenant. Because the V1 handler passes None as the tenant and database to the authorization layer, the check trivially succeeds and the attacker reads or writes another tenant's embeddings and metadata. …

Remediation: No vendor-released patch identified at time of analysis from the provided data, so confirm the fixed ChromaDB release via the HiddenLayer advisory at https://www.hiddenlayer.com/sai-security-advisory/2026-06-chromadb-4 and Chroma's GitHub releases before scheduling the upgrade. … Detailed patch versions, workarounds, and compensating controls in full report.
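As an added illustration of the failure mode described above (example code, not ChromaDB's own authorization layer; the Grant/Resource types, the GRANTS table and both authorize functions are constructed for this page), a lenient scope matcher that treats a None tenant/database as "any" lets a caller reach another tenant's collection, while a fail-closed check refuses to authorize a request whose scope is unresolved and also verifies the resource's own tenant/database against the grant.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Grant:
    # Constructed: one principal is permitted exactly one tenant/database.
    principal: str
    tenant: str
    database: str


@dataclass(frozen=True)
class Resource:
    # Constructed: a collection lives in exactly one tenant/database.
    collection_id: str
    tenant: str
    database: str


# Constructed sample grants for two tenants.
GRANTS = {
    "alice": Grant("alice", "tenant-a", "db-a"),
    "bob": Grant("bob", "tenant-b", "db-b"),
}


def scope_matches(requested: Optional[str], granted: str) -> bool:
    # Lenient matcher: an unspecified (None) scope is accepted as "any".
    # A handler that forwards None for tenant and database therefore
    # always satisfies this check, which is the bypass the CVE describes.
    return requested is None or requested == granted


def authorize_lenient(principal: str, tenant: Optional[str], database: Optional[str]) -> bool:
    grant = GRANTS.get(principal)
    if grant is None:
        return False
    return scope_matches(tenant, grant.tenant) and scope_matches(database, grant.database)


def authorize_fail_closed(principal: str, tenant: Optional[str], database: Optional[str],
                          resource: Resource) -> bool:
    # Hardened: deny when the caller's scope is unresolved, require the
    # requested scope to equal the grant, and check the resource's own
    # tenant/database instead of trusting what the route handler forwarded.
    if tenant is None or database is None:
        return False
    grant = GRANTS.get(principal)
    if grant is None or (tenant, database) != (grant.tenant, grant.database):
        return False
    return (resource.tenant, resource.database) == (grant.tenant, grant.database)
```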

Recommended Action (AI)

Within 24 hours: inventory all ChromaDB Python deployments and identify those running in multi-tenant mode; assess network exposure and data sensitivity. …
