Vulners
Lucene search
CVE-2026-45829
šļøĀ 18 May 2026Ā 15:59:22Reported byĀ HiddenLayerTypeĀ 
Ā cvešĀ web.nvd.nist.govš°ļøĀ 4Ā Media mentionsšĀ 48Ā Viewsš WEB
| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
 | Exploit for CVE-2026-45829 | 21 May 202611:24 | ā | githubexploit |
| Exploit for CVE-2026-45829 | 20 May 202615:31 | ā | githubexploit |
 | CVE-2026-45829 | 18 May 202615:59 | ā | attackerkb |
 | CVE-2026-45829 | 19 May 202614:30 | ā | circl |
 | chroma 代ē ę³Øå „ę¼ę“ | 18 May 202600:00 | ā | cnnvd |
 | CVE-2026-45829 | 18 May 202615:59 | ā | cvelist |
 | EUVD-2026-30779 | 18 May 202615:59 | ā | euvd |
 | ChromaDB Python project has a pre-authentication code injection vulnerability | 18 May 202618:31 | ā | github |
 | CVE-2026-45829 | 18 May 202617:16 | ā | nvd |
 | GHSA-F4J7-R4Q5-QW2C ChromaDB Python project has a pre-authentication code injection vulnerability | 18 May 202618:31 | ā | osv |
10
[
{
"vendor": "Chroma",
"product": "ChromaDB",
"packageName": "chromadb",
"repo": "https://github.com/chroma-core/chroma",
"versions": [
{
"status": "affected",
"version": "1.0.0",
"lessThanOrEqual": "*",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]| Source | Link |
|---|---|
| hiddenlayer | www.hiddenlayer.com/research/chromatoast-served-pre-auth |
| github | www.github.com/chroma-core/chroma/issues/6717 |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| embedding_function | request body | api/v2/tenants/{tenant}/databases/{db}/collections | Pre-authentication code execution vulnerability via embedding_function configuration during collection creation | CWE-94 |
| model_name | request body | api/v2/tenants/{tenant}/databases/{db}/collections | Pre-authentication code execution vulnerability via embedding_function configuration during collection creation | CWE-94 |
| trust_remote_code | request body | api/v2/tenants/{tenant}/databases/{db}/collections | Pre-authentication code execution vulnerability via embedding_function configuration during collection creation | CWE-94 |
Data
Build on a solid foundation withĀ Vulners data
WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data
Api
Power your application withĀ Vulners API
The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access
App
Assess and manage vulnerabilities withĀ VulnersĀ tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Jun 2026 10:52Current
6.1Medium risk
Vulners AI Score6.1
CVSS 410
EPSS0.09665
SSVC