Description
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in the /api/v2/tenants/{tenant}/databases/{db}/collections endpoint.
Published: 2026-05-18
Score: 10 Critical
EPSS: 12.4% Moderate
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability allows an unauthenticated attacker to inject arbitrary code into a ChromaDB server by submitting a malicious model repository and requesting the /api/v2/tenants/{tenant}/databases/{db}/collections endpoint with trust_remote_code set to true. The flaw involves unsafe code deserialization and execution, identified by CWE‑94 (Improper Control of Generation of Code) and CWE‑502 (Deserialization of Untrusted Data). Successful exploitation would let the attacker run any code on the server, leading to full compromise of confidentiality, integrity, and availability.

Affected Systems

Chroma’s ChromaDB product is affected. Any deployment running version 1.0.0 or later that exposes the specified API endpoint is vulnerable.

Risk and Exploitability

The CVSS score of 10 indicates critical severity, and the EPSS score of 12% shows the likelihood of exploitation is high. The vulnerability is not listed in CISA’s KEV catalog. Likely attack vector is remote API access; based on the description, it is inferred that an attacker can exploit this flaw from any network position that can reach the vulnerable endpoint. Exploitation would involve crafting a malicious payload and sending the request, which can be automated by attackers.

Generated by OpenCVE AI on June 27, 2026 at 14:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade ChromaDB to a patched release that resolves the code injection vulnerability.
  • Disable the trust_remote_code feature or set it to false until a fix is available.
  • Restrict access to the /api/v2/tenants/{tenant}/databases/{db}/collections endpoint by requiring authentication, firewall rules, or network segmentation.

Generated by OpenCVE AI on June 27, 2026 at 14:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-f4j7-r4q5-qw2c ChromaDB Python project has a pre-authentication code injection vulnerability
History

Tue, 19 May 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 19 May 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Chroma
Chroma chromadb
Vendors & Products Chroma
Chroma chromadb

Tue, 19 May 2026 00:15:00 +0000

Type Values Removed Values Added
Title ChromaDB Pre‑Authentication Code Injection via model repository chromadb: ChromaDB Python Project: Arbitrary code execution via pre-authentication code injection
Weaknesses CWE-502
References
Metrics threat_severity

None

 cvssV3_1

{'score': 10.0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}

threat_severity

Critical

Mon, 18 May 2026 17:30:00 +0000

Type Values Removed Values Added
Title ChromaDB Pre‑Authentication Code Injection via model repository

Mon, 18 May 2026 16:45:00 +0000

Type Values Removed Values Added
Description A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in the /api/v2/tenants/{tenant}/databases/{db}/collections endpoint.
Weaknesses CWE-94
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

Subscriptions

Chroma Chromadb
cve-icon MITRE

Status: PUBLISHED

Assigner: HiddenLayer

Published:

Updated: 2026-06-29T12:34:19.001Z

Reserved: 2026-05-13T14:01:39.604Z

Link: CVE-2026-45829

cve-icon Vulnrichment

Updated: 2026-06-29T12:34:19.001Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-18T17:16:34.040

Modified: 2026-06-17T10:52:34.017

Link: CVE-2026-45829

cve-icon Redhat

Severity : Critical

Publid Date: 2026-05-18T15:59:22Z

Links: CVE-2026-45829 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-27T14:30:17Z

Weaknesses
  • CWE-502

    Deserialization of Untrusted Data

  • CWE-94

    Improper Control of Generation of Code ('Code Injection')