BotBeat
...
← Back

> ▌

ChromaChroma
UPDATEChroma2026-05-20

Critical Authentication Bypass Vulnerability in ChromaDB Allows Remote Code Execution

Key Takeaways

  • ▸CVE-2026-45829, a max-severity vulnerability in ChromaDB, allows unauthenticated remote code execution by exploiting a misplaced authentication check that happens after model loading
  • ▸Attackers can force ChromaDB to load and execute malicious models from Hugging Face before authentication is verified, making the subsequent server rejection irrelevant
  • ▸Approximately 73% of internet-exposed ChromaDB instances are running vulnerable versions
Source:
Hacker Newshttps://www.bleepingcomputer.com/news/security/max-severity-flaw-in-chromadb-for-ai-apps-allows-server-hijacking/↗

Summary

A maximum-severity vulnerability (CVE-2026-45829) has been discovered in ChromaDB, an open-source vector database widely used in AI and agentic AI applications. The flaw, identified by security researchers at HiddenLayer, allows unauthenticated attackers to execute arbitrary code on exposed servers by exploiting an authentication check that occurs after model execution rather than before.

The vulnerability affects the Python FastAPI version of ChromaDB, particularly the PyPI package which has nearly 14 million monthly downloads. An attacker can send a crafted request to force ChromaDB to load a malicious model from Hugging Face and execute it locally, with the authentication check firing only after the payload has already run. The flaw was introduced in version 1.0.0 and remained unpatched through version 1.5.8.

According to Shodan searches, approximately 73% of internet-exposed ChromaDB instances are running vulnerable versions. While maintainers released version 1.5.9 two weeks ago, the status of whether this patch addresses the vulnerability remains unclear due to limited communication from the development team. Users are advised to either switch to the Rust frontend, avoid exposing the Python API server publicly, or restrict network access to the API port until the patch is confirmed.

  • Mitigation options include using the Rust frontend, restricting network access to the API port, or keeping the Python server offline until the patch is confirmed effective
AI AgentsMachine LearningCybersecurityOpen Source

More from Chroma

ChromaChroma
RESEARCH

Research Reveals 'Context Rot': LLM Performance Degrades With Longer Input Tokens Despite High Benchmark Scores

2026-04-14
ChromaChroma
PRODUCT LAUNCH

Chroma Releases Context-1: A 20B Parameter Self-Editing Search Agent for Efficient Multi-Hop Retrieval

2026-03-26

Comments

Suggested

MicrosoftMicrosoft
RESEARCH

Microsoft's Leaked 'Aion' Project Reveals Vision for Copilot-First Operating System

2026-07-04
Google / AlphabetGoogle / Alphabet
RESEARCH

Stanford Researchers Use Multi-Agent AI and Reinforcement Learning to Improve HIP Kernel Generation for AMD GPUs

2026-07-04
LLM Agent EcosystemLLM Agent Ecosystem
RESEARCH

Researchers Expose Critical Payload-Less Attack on LLM Agent Supply Chains

2026-07-04
← Back to news
© 2026 BotBeat
AboutPrivacy PolicyTerms of ServiceContact Us