CVE-2026-45829 – ChromaDB Remote Code Injection Vulnerability

CVE ID :CVE-2026-45829

Published : May 18, 2026, 3:59 p.m. | 1 hour, 4 minutes ago

Description :A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in the /api/v2/tenants/{tenant}/databases/{db}/collections endpoint.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…