
ChromaDB CVE-2026-8828

EUVD-2026-36464 · HIGH
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-06-12 HiddenLayer GHSA-843m-rfxf-6v2g
8.8
CVSS 4.0 · Vendor: HiddenLayer

Severity by source

Vendor (HiddenLayer) PRIMARY
8.8 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
9.6 CRITICAL

Network-reachable IDOR exploitable by any low-privileged authenticated user; scope changes because impact lands on other tenants, yielding high C and I but no availability effect.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
4.0 AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Primary rating from Vendor (HiddenLayer).

CVSS Vector (Vendor: HiddenLayer)

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

1. Analysis Generated: Jun 12, 2026 - 16:18 (vuln.today)

Description (CVE.org)

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to.

Analysis (AI)

Cross-tenant data access in the ChromaDB Rust implementation (version 1.0.0 and later) lets any authenticated tenant user read, write, update, or delete data inside collections owned by other tenants, because the server does not validate that the caller's tenant matches the tenant that owns the target resource. The flaw, reported by HiddenLayer and tracked as CWE-639, breaks the tenant isolation boundary that multi-tenant ChromaDB deployments rely on; no public exploit had been identified at the time of analysis.


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Obtain valid tenant credentials
Delivery: Authenticate to ChromaDB API
Exploit: Enumerate other tenant/collection IDs
Execution: Issue cross-tenant CRUD request
Persist: Server skips authorization check
Impact: Read or modify victim tenant data

Vulnerability Assessment (AI)

Exploitation: The attacker must hold valid authenticated credentials to a ChromaDB Rust instance of version 1.0.0 or later (PR:L), the instance must be running in a multi-tenant configuration so that other tenants' collections exist as targets (the AT:P attack requirement), and the attacker needs to know or enumerate a target tenant or collection identifier - typically a UUID or name passed through the API. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS 4.0 vector AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N (8.8, High) is consistent with a remotely reachable IDOR usable by any low-privileged authenticated user with no user interaction, where the subsequent-system high C/I scores correctly capture that the real victim is a different tenant. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker registers or compromises a legitimate low-privilege account in a multi-tenant ChromaDB Rust deployment, then issues normal collection API calls (GET/POST/PUT/DELETE) while substituting another tenant's identifier or collection ID in the request; because the server does not check that the authenticated principal owns that tenant, the response returns or mutates the victim tenant's embeddings and metadata. In a RAG context this means stealing or poisoning the vector store backing another customer's AI assistant.

Remediation: No vendor-released patch identified at time of analysis from the supplied data - operators should monitor the HiddenLayer advisory (https://www.hiddenlayer.com/sai-security-advisory/2026-06-chromadb-2) and the upstream Chroma project for a fixed release of the Rust server and upgrade as soon as one is published. … Detailed patch versions, workarounds, and compensating controls in full report.
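The defect the Analysis and Exploit Scenario describe is a lookup keyed on a user-controlled collection ID with no check that the authenticated tenant owns it (CWE-639). The following Rust illustration is added here and is not code from the Chroma project: the `Store`, `Principal`, `get_unscoped` and `get_scoped` names, the `NotFound` error and the sample tenants `tenant-a`/`tenant-b` are all hypothetical. It shows the unscoped lookup beside a tenant-scoped one, where the caller's tenant comes from the verified credential rather than the request, and where a foreign ID is answered exactly like a missing one.

```rust
// Added illustration, not code from the Chroma project: a tenant-scoped
// lookup that shows the missing check behind a CWE-639 cross-tenant IDOR.
use std::collections::HashMap;

#[derive(Debug, Clone, PartialEq, Eq, Hash)]
pub struct TenantId(pub String);

#[derive(Debug, Clone, PartialEq, Eq, Hash)]
pub struct CollectionId(pub String);

#[derive(Debug, Clone, PartialEq)]
pub struct Collection {
    pub id: CollectionId,
    pub tenant: TenantId,
    pub embeddings: Vec<Vec<f32>>, // stand-in for the vector payload
}

/// The authenticated caller as established by the auth layer. The tenant
/// comes from the verified credential, never from a request parameter.
pub struct Principal {
    pub tenant: TenantId,
}

#[derive(Debug, PartialEq, Eq)]
pub enum AccessError {
    /// Returned both for "no such collection" and "belongs to another tenant",
    /// so a caller cannot use the response to confirm that foreign IDs exist.
    NotFound,
}

pub struct Store {
    collections: HashMap<CollectionId, Collection>,
}

impl Store {
    /// Constructed sample data (hypothetical tenants): one collection each.
    pub fn sample() -> Store {
        let mut collections = HashMap::new();
        for (cid, tid) in [("coll-a", "tenant-a"), ("coll-b", "tenant-b")] {
            let id = CollectionId(cid.to_string());
            collections.insert(
                id.clone(),
                Collection { id, tenant: TenantId(tid.to_string()), embeddings: vec![vec![0.1, 0.2]] },
            );
        }
        Store { collections }
    }

    /// Vulnerable pattern: the collection is resolved from the user-controlled
    /// ID alone, so the caller's tenant never enters the decision.
    pub fn get_unscoped(&self, _caller: &Principal, id: &CollectionId) -> Result<&Collection, AccessError> {
        self.collections.get(id).ok_or(AccessError::NotFound)
    }

    /// Hardened pattern: ownership is part of the lookup, so a collection in
    /// another tenant is indistinguishable from one that does not exist.
    pub fn get_scoped(&self, caller: &Principal, id: &CollectionId) -> Result<&Collection, AccessError> {
        match self.collections.get(id) {
            Some(c) if c.tenant == caller.tenant => Ok(c),
            _ => Err(AccessError::NotFound),
        }
    }

    /// Mutating operations go through the same scoped check before acting.
    pub fn delete_scoped(&mut self, caller: &Principal, id: &CollectionId) -> Result<(), AccessError> {
        self.get_scoped(caller, id)?;
        self.collections.remove(id);
        Ok(())
    }
}

fn main() {
    let mut store = Store::sample();
    let other = Principal { tenant: TenantId("tenant-b".to_string()) };
    let target = CollectionId("coll-a".to_string());
    println!("unscoped: {:?}", store.get_unscoped(&other, &target).map(|c| &c.id));
    println!("scoped:   {:?}", store.get_scoped(&other, &target).map(|c| &c.id));
    println!("delete:   {:?}", store.delete_scoped(&other, &target));
}
```

The design point is that every read and every write funnels through the same `get_scoped` ownership check, and that the check compares against a tenant taken from the authenticated principal, so substituting a different collection ID in the request changes nothing about whose data can be reached. Returning the same `NotFound` for "absent" and "owned by someone else" also removes the existence oracle that makes ID enumeration useful.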

Recommended Action (AI)

Within 24 hours: Identify all ChromaDB Rust deployments; determine which versions are in use and whether multi-tenant isolation is relied upon; assess scope of potential exposure. …
