Description
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in the /api/v2/tenants/{tenant}/databases/{db}/collections endpoint.
Published: 2026-05-18
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a pre‑authentication code injection flaw that lets an unauthenticated attacker execute arbitrary code on a ChromaDB server. By sending a malicious model repository and setting trust_remote_code to true in the /api/v2/tenants/{tenant}/databases/{db}/collections endpoint, an attacker can trigger the injection. The weakness is an unsafe code evaluation identified by CWE‑94 and it also involves unsafe deserialization of untrusted data as per CWE‑502.

Affected Systems

Chroma’s ChromaDB product is affected. Any deployment running version 1.0.0 or later that exposes the specified API endpoint is vulnerable.

Risk and Exploitability

The issue has a CVSS score of 10, indicating critical severity, with no EPSS score available and it is not yet listed in CISA’s KEV catalog. Because authentication is not required, an attacker can exploit the flaw from any network position that can reach the vulnerable endpoint. Exploitation would involve crafting a payload and sending the request, which is straightforward for automated tools. The lack of a control mechanism for trust_remote_code makes the flaw easy to leverage.

Generated by OpenCVE AI on May 19, 2026 at 01:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade ChromaDB to a patched release that resolves the code injection vulnerability.
  • Disable the trust_remote_code feature or set it to false until a fix is available.
  • Restrict access to the /api/v2/tenants endpoint by requiring authentication, firewall rules, or network segmentation.

Generated by OpenCVE AI on May 19, 2026 at 01:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-f4j7-r4q5-qw2c ChromaDB Python project has a pre-authentication code injection vulnerability
History

Tue, 19 May 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 19 May 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Chroma
Chroma chromadb
Vendors & Products Chroma
Chroma chromadb

Tue, 19 May 2026 00:15:00 +0000

Type Values Removed Values Added
Title ChromaDB Pre‑Authentication Code Injection via model repository chromadb: ChromaDB Python Project: Arbitrary code execution via pre-authentication code injection
Weaknesses CWE-502
References
Metrics threat_severity

None

 cvssV3_1

{'score': 10.0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}

threat_severity

Critical

Mon, 18 May 2026 17:30:00 +0000

Type Values Removed Values Added
Title ChromaDB Pre‑Authentication Code Injection via model repository

Mon, 18 May 2026 16:45:00 +0000

Type Values Removed Values Added
Description A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in the /api/v2/tenants/{tenant}/databases/{db}/collections endpoint.
Weaknesses CWE-94
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

Subscriptions

Chroma Chromadb
cve-icon MITRE

Status: PUBLISHED

Assigner: HiddenLayer

Published:

Updated: 2026-05-19T12:53:14.537Z

Reserved: 2026-05-13T14:01:39.604Z

Link: CVE-2026-45829

cve-icon Vulnrichment

Updated: 2026-05-19T12:53:03.302Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-18T17:16:34.040

Modified: 2026-05-19T14:16:46.977

Link: CVE-2026-45829

cve-icon Redhat

Severity : Critical

Publid Date: 2026-05-18T15:59:22Z

Links: CVE-2026-45829 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-19T08:18:53Z

Weaknesses