External risk intelligence

ChromaDB allows attackers to run any code on your server.

CVE advisorySeverity: CRITICAL (CVSS 10.0)

CVE-2026-45829

An external attacker can exploit a vulnerability in the ChromaDB service to gain full control of the server without requiring credentials. This flaw puts business operations at significant risk by enabling the theft of sensitive data and the disruption of critical database services.

3Halo Surface Signal

Code Injection

External exposure likelihood

Halo Surface Signal score for CVE-2026-45829

The vulnerability affects a database service, which is typically deployed as a back-end component within an internal network or protected environment. While it provides a network-facing API endpoint that allows for potential internet accessibility in some specific architectural configurations or cloud deployments, it is not inherently designed as a public-facing service.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability in ChromaDB allows an attacker to inject and execute arbitrary code on the server. This happens when a specially crafted request is sent to a specific API endpoint, which could lead to a complete compromise of the affected system.

  • It impacts systems running vulnerable ChromaDB.
  • Allows remote code execution.
  • No authentication needed to exploit.

Attack Path

How an attacker could exploit the issue

An unauthenticated attacker could exploit this pre-authentication code injection vulnerability by sending a specially crafted request to the ChromaDB API. This request would include a malicious model repository and set `trust_remote_code` to true, leading to arbitrary code execution on the server. This attack is particularly concerning because it requires no prior access to the system.

  • Target the `/api/v2/tenants/{tenant}/databases/{db}/collections` endpoint.
  • Attacker controls model repository.
  • `trust_remote_code` set to true.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability presents a significant risk due to its pre-authentication, remote code execution nature. Attackers are likely to be interested because the vulnerability allows direct code execution on the server without needing any prior access or credentials. The published details and severity suggest it could be a prime target for immediate exploitation.

  • Public exploit proof-of-concept available.
  • Critical vulnerability with easy exploit path.
  • Recent research published on the flaw.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize blocking network access to the `/api/v2/tenants/{tenant}/databases/{db}/collections` endpoint, especially for any publicly exposed ChromaDB instances. Immediately investigate and confirm if any of your services are running a vulnerable version of ChromaDB and assess the risk based on network exposure. Given this is a pre-authentication code injection, any exposure poses a critical risk.

  • Block network access to the vulnerable endpoint.
  • Isolate or take affected services offline.
  • Monitor for malicious payloads in traffic.

Frequently asked questions

What is ChromaDB and what is it used for?

ChromaDB is a database project that stores and manages AI embeddings, which are numerical representations of data used in machine learning. It is often used to power applications that need to search and retrieve information based on semantic similarity, such as recommendation systems or question-answering platforms.

What kind of weakness does CVE-2026-45829 represent in ChromaDB?

CVE-2026-45829 is a code injection vulnerability (CWE-94). This means an attacker can trick the software into running their own malicious code by providing specially crafted input, rather than the intended program instructions.

How can an attacker exploit CVE-2026-45829 without authentication?

An attacker can exploit this vulnerability by sending a malicious request to a specific API endpoint (`/api/v2/tenants/{tenant}/databases/{db}/collections`). They need to include a fake model repository and set a parameter called `trust_remote_code` to 'true', which tricks ChromaDB into executing the attacker's code.

Who should be concerned about this external vulnerability?

Organizations with internet-facing ChromaDB instances should be highly concerned. While ChromaDB is often used internally, network-facing APIs can sometimes be accessible from the internet, posing a risk of remote exploitation.

What are the first steps to respond to this ChromaDB threat?

The immediate first step is to block network access to the affected API endpoint, especially if any ChromaDB instances are exposed to the internet. It is also crucial to identify if your systems use vulnerable versions of ChromaDB and assess the potential risk based on network exposure.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished Modified