CVE 8.8 HIGH

CVE-2026-45830_CVE-2026-45830

June 12, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Description

A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to.

AI Analysis

Lack of authorization validation allowing arbitrary data access

Basic Information

ID CVE-2026-45830

Source HiddenLayer

Published Jun 12, 2026 at 14:46

Affected Product

Vendor Chroma

Product ChromaDB

Version 0.4.17

Affected Versions Chroma ChromaDB 0.4.17

CWE Classification

CWE-639

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Chroma

Product ChromaDB

Version 0.4.17

References

www.hiddenlayer.com /sai-security-advisory/2026-06-chromadb

{
    "lastseen": "",
    "description": "A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to.",
    "published": "2026-06-12T14:46:54.823Z",
    "modified": "2026-06-12T14:46:54.823Z",
    "type": "cve",
    "title": "CVE-2026-45830",
    "source": "HiddenLayer",
    "references": "https://www.hiddenlayer.com/sai-security-advisory/2026-06-chromadb",
    "id": "CVE-2026-45830",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "Chroma ChromaDB 0.4.17",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ChromaDB",
    "version": "0.4.17",
    "vendor": "Chroma",
    "ai_description": "Lack of authorization validation allowing arbitrary data access",
    "ai_severity": "High",
    "ai_vendor": "Chroma",
    "ai_product": "ChromaDB",
    "ai_version": "0.4.17",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply