CVE-2026-45829 – ChromaDB Remote Code Injection Vulnerability

CVE ID :CVE-2026-45829

Published : May 18, 2026, 3:59 p.m. | 1 hour, 4 minutes ago

Description :A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in the /api/v2/tenants/{tenant}/databases/{db}/collections endpoint.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-36438 – Intelbras VIP-1230-D-G4 Information Disclosure Vulnerability

CVE-2026-20685 – VMware PCC Path Traversal Information Disclosure

CVE-2025-57282 – Ngrok Command Injection Vulnerability

CVE-2025-56352 – TinyMQTT Broker Protocol Violation Leaving File Descriptors Open