CVE 8.8 HIGH

CVE-2026-45832_CVE-2026-45832

June 12, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Description

All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints.

AI Analysis

Authorization bypass vulnerability in ChromaDB's V1 collection-level endpoints

Basic Information

ID CVE-2026-45832

Source HiddenLayer

Published Jun 12, 2026 at 15:11

Affected Product

Vendor Chroma

Product ChromaDB

Version 0.5.0

Affected Versions Chroma ChromaDB 0.5.0

CWE Classification

CWE-639

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Chroma

Product ChromaDB

Version 0.5.0

References

www.hiddenlayer.com /sai-security-advisory/2026-06-chromadb-4

{
    "lastseen": "",
    "description": "All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints.",
    "published": "2026-06-12T15:11:46.697Z",
    "modified": "2026-06-12T15:11:46.697Z",
    "type": "cve",
    "title": "CVE-2026-45832",
    "source": "HiddenLayer",
    "references": "https://www.hiddenlayer.com/sai-security-advisory/2026-06-chromadb-4",
    "id": "CVE-2026-45832",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "Chroma ChromaDB 0.5.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ChromaDB",
    "version": "0.5.0",
    "vendor": "Chroma",
    "ai_description": "Authorization bypass vulnerability in ChromaDB's V1 collection-level endpoints",
    "ai_severity": "High",
    "ai_vendor": "Chroma",
    "ai_product": "ChromaDB",
    "ai_version": "0.5.0",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply