Description
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in the /api/v2/tenants/{tenant}/databases/{db}/collections endpoint.
Problem types
CWE-94: Improper Control of Generation of Code ('Code Injection')
Product status
1.0.0 (semver)
Credits
Esteban Tonglet
References
www.hiddenlayer.com/research/chromatoast-served-pre-auth
access.redhat.com/security/cve/CVE-2026-45829
bugzilla.redhat.com/show_bug.cgi?id=2479623 (RHBZ#2479623)
security.access.redhat.com/...2/vex/2026/cve-2026-45829.json
www.hiddenlayer.com/research/chromatoast-served-pre-auth
github.com/chroma-core/chroma/issues/6717