Lucene search
K
TrychromaChromadb

4 matches found

CVE
CVE
added 2026/06/12 2:46 p.m.58 views

CVE-2026-45830

CVE-2026-45830 affects the ChromaDB Python project (version 0.4.17 and later). The lack of authorization validation allows any authenticated user to arbitrarily read, write, update, or delete data in any tenant’s collection, regardless of tenancy. The vulnerability is described with a CVSS 4.0 ba...

8.8CVSS5.3AI score0.00345EPSS
CVE
CVE
added 2026/06/12 3:11 p.m.51 views

CVE-2026-45832

CVE-2026-45832 affects the Python project of ChromaDB. All V1 collection-level endpoints pass None for the tenant and database to the authorization layer, which allows attackers to bypass authorization controls when using the V1 endpoints. The reports do not provide any explicit remediation steps...

8.8CVSS5.3AI score0.00284EPSS
CVE
CVE
added 2026/06/12 3:16 p.m.39 views

CVE-2026-45833

CVE-2026-45833 affects the ChromaDB Python project (version 0.4.17 and later). The issue is a code injection vulnerability where an authenticated attacker can execute arbitrary code on the server by supplying a malicious model repository and setting trust_remote_code to true in the API path /api/...

9.4CVSS5.8AI score0.00342EPSS
Web
CVE
CVE
added 2026/06/12 3:3 p.m.25 views

CVE-2026-45831

The CVE describes a vulnerability in the SimpleRBACAuthorizationProvider of the ChromaDB Python project (versions 0.5.0 and later). The issue is that it evaluates whether a user has a permission without validating the tenant/database/collection scope, enabling cross-tenant actions. This is the un...

8.8CVSS5.1AI score0.00237EPSS