Description
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in the /api/v2/tenants/{tenant}/databases/{db}/collections endpoint.
Published: 2026-05-18
Score: 10 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a pre‑authentication code injection flaw that lets an unauthenticated attacker execute arbitrary code on a ChromaDB server. By sending a malicious model repository and setting trust_remote_code to true in the /api/v2/tenants/{tenant}/databases/{db}/collections endpoint, an attacker can trigger the injection. The weakness is an unsafe code evaluation identified by CWE‑94.

Affected Systems

Chroma’s ChromaDB product is affected. Any deployment running version 1.0.0 or later that exposes the specified API endpoint is vulnerable.

Risk and Exploitability

The issue has a CVSS score of 10, indicating critical severity, with no EPSS score available and it is not yet listed in CISA’s KEV catalog. Because authentication is not required, an attacker can exploit the flaw from any network position that can reach the vulnerable endpoint. Exploitation would involve crafting a payload and sending the request, which is straightforward for automated tools. The lack of a control mechanism for trust_remote_code makes the flaw easy to leverage.

Generated by OpenCVE AI on May 18, 2026 at 17:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade ChromaDB to a patched release that resolves the code injection vulnerability.
  • Disable the trust_remote_code feature or set it to false until a fix is available.
  • Restrict access to the /api/v2/tenants endpoint by requiring authentication, firewall rules, or network segmentation.

Generated by OpenCVE AI on May 18, 2026 at 17:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 18 May 2026 17:30:00 +0000

Type Values Removed Values Added
Title ChromaDB Pre‑Authentication Code Injection via model repository

Mon, 18 May 2026 16:45:00 +0000

Type Values Removed Values Added
Description A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in the /api/v2/tenants/{tenant}/databases/{db}/collections endpoint.
Weaknesses CWE-94
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: HiddenLayer

Published:

Updated: 2026-05-18T15:59:22.529Z

Reserved: 2026-05-13T14:01:39.604Z

Link: CVE-2026-45829

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-18T17:16:34.040

Modified: 2026-05-18T20:23:20.240

Link: CVE-2026-45829

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-18T17:30:05Z

Weaknesses