Back

Critical ChromaDB Vulnerability Enables Remote Code Execution

Severity: High (Score: 69.9)

Sources: Thecyberexpress, Scworld, Bleepingcomputer

Published: 2026-05-20 · Updated: 2026-05-20

Keywords: chromadb, flaw, vector, code, tracked, critical, exposes

Severity indicators: critical, flaw, remote code execution, ot

Summary

A critical vulnerability, CVE-2026-45829, in ChromaDB allows unauthenticated attackers to execute arbitrary code on exposed servers. This flaw affects the FastAPI server of the open-source vector database, which is widely used for AI-driven applications. Approximately 73% of internet-exposed ChromaDB instances are at risk, particularly those running versions 1.0.0 to 1.5.8. The vulnerability was reported on February 17, 2026, and remains unpatched as of the latest version 1.5.8. Attackers can exploit the flaw by sending crafted requests that load malicious models from Hugging Face before authentication checks are performed. Users are advised to restrict access to the API or use the Rust front-end to mitigate risks. The issue has not been addressed despite multiple attempts by researchers to contact the developers for a fix. Key Points: • CVE-2026-45829 allows remote code execution on ChromaDB servers without authentication. • 73% of exposed ChromaDB instances are vulnerable, particularly versions 1.0.0 to 1.5.8. • Users are advised to restrict API access or switch to the Rust front-end to mitigate risks.

Detailed Analysis

**Impact** Approximately 73% of internet-exposed ChromaDB instances running versions 1.0.0 through 1.5.8 are vulnerable, affecting an estimated user base with nearly 14 million monthly PyPI downloads. Sectors impacted include AI-driven semantic retrieval, with known users spanning technology firms like Mintlify, Weights & Biases, Factory AI, and enterprises such as Capital One and UnitedHealthcare. The vulnerability allows attackers to execute arbitrary code, risking exposure of environment variables, API keys, mounted secrets, and any accessible data on affected servers. **Technical Details** The vulnerability (CVE-2026-45829) resides in the Python FastAPI server of ChromaDB, where an unauthenticated POST request to the collection creation endpoint triggers embedding model loading before authentication. Attackers exploit the `model_name` parameter to load a malicious HuggingFace model with `trust_remote_code: true`, enabling remote code execution. The flaw is present from version 1.0.0 through 1.5.8, with a reported but unconfirmed fix in 1.5.9. The attack chain involves pre-authentication code execution, followed by a failed authentication response, leaving the system compromised despite apparent request rejection. **Recommended Response** Apply the latest ChromaDB update (1.5.9) after verifying the vulnerability is addressed. Until confirmed patched, avoid exposing the Python FastAPI server publicly and consider deploying the Rust frontend instead. Restrict network access to the ChromaDB API port and scan ML model artifacts for malicious code before runtime, especially when using HuggingFace models with `trust_remote_code`. Monitor for anomalous API requests to the collection creation endpoint and failed authentication attempts accompanied by unusual process activity.

Source articles (3)

  • Critical ChromaDB Flaw Exposes AI Vector Databases to Remote Code Execution — Thecyberexpress · 2026-05-20
    The security issue tracked as CVE-2026-45829, often referred to in analysis as ChromaToast Served Pre-Auth, affects the open-source vector database ChromaDB. ChromaDB is widely used for semantic and A…
  • Max — Scworld · 2026-05-20
    A critical vulnerability in the Python FastAPI version of the ChromaDB project, tracked as CVE-2026-45829, allows unauthenticated attackers to execute arbitrary code on exposed servers. This flaw, dis…
  • Max — Bleepingcomputer · 2026-05-19
    A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers. The flaw is tracked as CVE-2026-458…

Timeline

  • 2026-02-17 — CVE-2026-45829 reported: The vulnerability was disclosed to ChromaDB developers, highlighting critical security flaws.
  • 2026-05-18 — CVE-2026-45829 published: The vulnerability was officially published, receiving maximum severity from HiddenLayer.
  • 2026-05-20 — Current status of vulnerability: ChromaDB remains unpatched in version 1.5.8, leaving many deployments exposed.

CVEs

  • CVE-2026-45829

Related entities

  • Zero-day Exploit (Attack Type)
  • CWE-200 - Exposure of Sensitive Information (Cwe)
  • CWE-287 - Improper Authentication (Cwe)
  • CWE-94 - Code Injection (Cwe)
  • T1059 - Command and Scripting Interpreter (Mitre Attack)
  • T1190 - Exploit Public-Facing Application (Mitre Attack)
  • ChromaDB (Platform)
  • PyPI (Platform)
  • Rust (Platform)
  • Docker (Tool)
  • FastAPI (Tool)
  • Hugging Face (Tool)
  • Python (Tool)
  • HuggingFace (Company)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed