2 matches found
CVE-2026-45833
CVE-2026-45833 affects the ChromaDB Python project (version 0.4.17 and later). The issue is a code injection vulnerability where an authenticated attacker can execute arbitrary code on the server by supplying a malicious model repository and setting trust_remote_code to true in the API path /api/...
PT-2026-48898
Name of the Vulnerable Software and Affected Versions ChromaDB versions 0.4.17 through 0.4.16 Description An authenticated attacker with the UPDATE COLLECTION permission can execute arbitrary code on the server. This occurs by sending a malicious model repository and setting the trust remote code...