PT-2026-41683 · Chromadb · Chromadb
Esteban Tonglet
·
Published
2026-02-17
·
Updated
2026-06-29
·
CVE-2026-45829
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ChromaDB versions 1.0.0 through 1.5.8
Description
A pre-authentication code injection issue exists in the ChromaDB Python project. An unauthenticated remote attacker can execute arbitrary code on the server by sending a request to the '/api/v2/tenants/{tenant}/databases/{db}/collections' endpoint. The attack is performed by providing a malicious model repository (such as a Hugging Face model) and setting the
trust remote code variable to true. The server processes the model configuration and executes the code before performing authentication checks, allowing for full server takeover, privilege escalation, lateral movement, and the theft of sensitive information including API keys and environment variables. Over 4,500 instances have been identified online, with approximately 73% of exposed instances estimated to be vulnerable.Recommendations
Restrict network access to the ChromaDB port to trusted clients only.
As a temporary workaround, switch to the Rust-based execution method (chroma run or Docker images) as the Python-based FastAPI server is the only affected component.
Exploit
Fix
RCE
LPE
Deserialization of Untrusted Data
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Chromadb