Critical RCE Vulnerability (CVE‑2026‑45829) in ChromaDB Vector Database Allows Server Hijacking
What Happened – A newly disclosed max‑severity flaw (CVE‑2026‑45829) in the Python FastAPI implementation of the open‑source ChromaDB vector database lets an unauthenticated attacker execute arbitrary code on any internet‑exposed instance. The vulnerability stems from an authentication check that occurs after a malicious model is fetched and run, effectively bypassing any access control.
Why It Matters for TPRM –
- Over 14 million monthly downloads mean a large supply‑chain footprint across AI‑driven SaaS products.
- Shodan data shows ~73 % of exposed ChromaDB deployments run the vulnerable version, creating a broad attack surface.
- Successful exploitation can lead to full server compromise, data theft, or ransomware deployment on downstream services.
Who Is Affected – AI/ML platform providers, enterprise SaaS vendors, data‑analytics firms, and any organization that embeds ChromaDB’s Python API in production workloads.
Recommended Actions –
- Inventory all services that depend on ChromaDB 1.x Python API and verify version.
- Immediately upgrade to 1.5.9 (if the fix is confirmed) or switch to the Rust front‑end.
- Block public access to the ChromaDB API port; enforce network segmentation and zero‑trust controls.
- Implement runtime scanning of external ML models and disable
trust_remote_codewhere possible.
Technical Notes – The flaw is a remote code execution (RCE) vulnerability triggered by a crafted request that forces the server to load a malicious Hugging Face model before authentication. It affects ChromaDB 1.0.0‑1.5.8; the status of the patch in 1.5.9 is still unverified. No CVE‑based patches were available at publication time. Source: BleepingComputer