PT-2026-41683 · Chromadb · Chromadb

Esteban Tonglet · Published 2026-05-18 · Updated 2026-05-20 · CVE-2026-45829

CVSS v4.0: 10 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions: ChromaDB versions 1.0.0 and later

Description: A pre-authentication code injection issue allows an unauthenticated attacker to execute arbitrary code on the server. The flaw stems from the server trusting client-provided model identifiers and acting on them before the user is authenticated. An attacker can trigger it by sending a request to create a collection through the '/api/v2/tenants/{tenant}/databases/{db}/collections' endpoint, supplying a malicious model repository (such as a crafted HuggingFace model) and setting the trust remote code variable to true. This can lead to full server takeover, privilege escalation, lateral movement, and the leakage of sensitive information, including API keys, environment variables, and disk files. Approximately 73% of internet-facing deployments are estimated to be affected.

Recommendations: Restrict network access to ChromaDB exclusively to trusted clients. As a temporary mitigation, avoid setting the trust remote code variable to true when interacting with the '/api/v2/tenants/{tenant}/databases/{db}/collections' endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
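The two recommendations above (trusted clients only, and never accepting the trust remote code setting from a caller) can be enforced at a reverse proxy or API gateway in front of ChromaDB while a fix is pending. The following is an added example, not code from this advisory or from the Chroma project: a request-inspection policy that flags collection-creation calls on the endpoint named above when they arrive without an authenticated client, carry a trust-remote-code flag set to true, or name a model that is not on an operator-maintained allow-list. The JSON key names (`trust_remote_code` and its spelling variants, `model_name`), the allow-list contents, and the sample request records are all assumptions constructed for the example; the advisory itself only refers to "the trust remote code variable".

```python
import json
import re
from typing import Any, Iterator

# Endpoint named in the advisory; tenant and database segments are wildcards.
COLLECTIONS_PATH = re.compile(r"^/api/v2/tenants/[^/]+/databases/[^/]+/collections/?$")

# Assumption: the advisory does not give the exact JSON key, so match the
# common spellings of "trust remote code" at any nesting depth.
TRUST_KEY = re.compile(r"^trust[_\- ]?remote[_\- ]?code$", re.IGNORECASE)
MODEL_KEY = re.compile(r"model", re.IGNORECASE)

# Constructed allow-list: embedding models an operator has vetted in advance.
ALLOWED_MODELS = {"sentence-transformers/all-MiniLM-L6-v2"}


def walk(obj: Any, key_pattern: re.Pattern) -> Iterator[tuple[str, Any]]:
    """Yield (key, value) pairs whose key matches key_pattern, at any depth."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            if isinstance(key, str) and key_pattern.search(key):
                yield key, value
            yield from walk(value, key_pattern)
    elif isinstance(obj, list):
        for item in obj:
            yield from walk(item, key_pattern)


def is_true(value: Any) -> bool:
    """Treat JSON true and the string "true" as a set flag."""
    return value is True or (isinstance(value, str) and value.strip().lower() == "true")


def inspect_request(method: str, path: str, body: str, authenticated: bool) -> list[str]:
    """Return the policy violations found in one request.

    An empty list means the request is not a create-collection call,
    or it is one that raised no flags.
    """
    findings: list[str] = []
    if method.upper() != "POST" or not COLLECTIONS_PATH.match(path):
        return findings
    if not authenticated:
        findings.append("collection creation without authenticated client")
    try:
        payload = json.loads(body) if body else {}
    except json.JSONDecodeError:
        return findings + ["unparseable JSON body"]
    for key, value in walk(payload, TRUST_KEY):
        if is_true(value):
            findings.append(f"{key} set to true")
    for key, value in walk(payload, MODEL_KEY):
        if isinstance(value, str) and value not in ALLOWED_MODELS:
            findings.append(f"model {value!r} not on allow-list ({key})")
    return findings


def should_block(findings: list[str]) -> bool:
    """A gateway would answer 403 and log the findings when this is true."""
    return bool(findings)


# Constructed sample of gateway request records (not real traffic).
SAMPLE_REQUESTS = [
    {"method": "POST", "path": "/api/v2/tenants/t1/databases/db1/collections",
     "authenticated": False,
     "body": json.dumps({"name": "docs", "configuration": {"embedding_function": {
         "model_name": "example-org/untrusted-model", "trust_remote_code": True}}})},
    {"method": "POST", "path": "/api/v2/tenants/t1/databases/db1/collections",
     "authenticated": True,
     "body": json.dumps({"name": "docs", "configuration": {"embedding_function": {
         "model_name": "sentence-transformers/all-MiniLM-L6-v2", "trust_remote_code": False}}})},
    {"method": "GET", "path": "/api/v2/heartbeat", "authenticated": False, "body": ""},
]


def scan(records: list[dict]) -> list[tuple[str, list[str]]]:
    """Run the policy over a batch of request records."""
    return [(r["path"], inspect_request(r["method"], r["path"], r["body"], r["authenticated"]))
            for r in records]


if __name__ == "__main__":
    for path, findings in scan(SAMPLE_REQUESTS):
        print("BLOCK" if should_block(findings) else "allow", path, findings)
```

The first sample record trips all three checks and would be blocked; the second is an authenticated request for an allow-listed model with the flag off and passes; the heartbeat call is ignored because only collection creation is inspected. Matching the flag by key pattern rather than one fixed name is deliberate: it keeps the policy useful even if the field is nested or spelled differently in a given client library.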

Tags: Exploit · RCE · LPE · Code Injection

Weakness Enumeration

Related Identifiers: CVE-2026-45829

Affected Products: Chromadb