HomeIntelligenceBrief
VULNERABILITY BRIEF🔴 Critical Vulnerability

Critical RCE Vulnerability (CVE-2026-45829) in ChromaDB Vector Database Allows Server Hijacking

A max‑severity remote code execution flaw (CVE‑2026‑45829) in the Python FastAPI version of ChromaDB lets unauthenticated attackers execute malicious models before authentication. Over 70 % of internet‑exposed instances run the vulnerable code, exposing AI‑driven SaaS providers and downstream customers to full server compromise.

LiveThreat™ Intelligence · 📅 May 20, 2026· 📰 bleepingcomputer.com
🔴
Severity
Critical
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
4 recommended
📰
Source
bleepingcomputer.com

Critical RCE Vulnerability (CVE‑2026‑45829) in ChromaDB Vector Database Allows Server Hijacking

What Happened – A newly disclosed max‑severity flaw (CVE‑2026‑45829) in the Python FastAPI implementation of the open‑source ChromaDB vector database lets an unauthenticated attacker execute arbitrary code on any internet‑exposed instance. The vulnerability stems from an authentication check that occurs after a malicious model is fetched and run, effectively bypassing any access control.

Why It Matters for TPRM

  • Over 14 million monthly downloads mean a large supply‑chain footprint across AI‑driven SaaS products.
  • Shodan data shows ~73 % of exposed ChromaDB deployments run the vulnerable version, creating a broad attack surface.
  • Successful exploitation can lead to full server compromise, data theft, or ransomware deployment on downstream services.

Who Is Affected – AI/ML platform providers, enterprise SaaS vendors, data‑analytics firms, and any organization that embeds ChromaDB’s Python API in production workloads.

Recommended Actions

  • Inventory all services that depend on ChromaDB 1.x Python API and verify version.
  • Immediately upgrade to 1.5.9 (if the fix is confirmed) or switch to the Rust front‑end.
  • Block public access to the ChromaDB API port; enforce network segmentation and zero‑trust controls.
  • Implement runtime scanning of external ML models and disable trust_remote_code where possible.

Technical Notes – The flaw is a remote code execution (RCE) vulnerability triggered by a crafted request that forces the server to load a malicious Hugging Face model before authentication. It affects ChromaDB 1.0.0‑1.5.8; the status of the patch in 1.5.9 is still unverified. No CVE‑based patches were available at publication time. Source: BleepingComputer

📰 Original Source
https://www.bleepingcomputer.com/news/security/max-severity-flaw-in-chromadb-for-ai-apps-allows-server-hijacking/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →