4 matches found
Authorization Bypass Through User-Controlled Key
Overview chromadb is a Chroma. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the V1 collection-level endpoints passing None for tenant and database to the authorization layer. An attacker can gain unauthorized access to resources by...
EUVD-2026-36483
All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints...
CVE-2026-45832
CVE-2026-45832 affects the Python project of ChromaDB. All V1 collection-level endpoints pass None for the tenant and database to the authorization layer, which allows attackers to bypass authorization controls when using the V1 endpoints. The reports do not provide any explicit remediation steps...
CVE-2026-45832
All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints...