PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45829 Chroma CVE debrief

CVE-2026-45829 is a critical pre-authentication code injection issue affecting version 1.0.0 and later of the ChromaDB Python project. According to the published description, an unauthenticated attacker can send a malicious model repository to the /api/v2/tenants/{tenant}/databases/{db}/collections endpoint and, when trust_remote_code is set to true, achieve arbitrary code execution on the server. NVD listed the record as Awaiting Analysis at the time of source capture, and the public references point to both the project issue tracker and HiddenLayer research.

Vendor
Chroma
Product
ChromaDB
CVSS
CRITICAL 10
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-18
Original CVE updated
2026-05-19
Advisory published
2026-05-18
Advisory updated
2026-05-19

Who should care

Anyone operating ChromaDB Python deployments, especially internet-facing instances or environments that allow users to create or update collections, should treat this as urgent. Teams that rely on model repositories, enable trust_remote_code, or let untrusted users reach the collections endpoint are the highest-priority audience.

Technical summary

The vulnerability is described as a pre-authentication code injection path in the collections API. The attacker does not need prior credentials, and the risky condition is trust_remote_code=true combined with a malicious model repository. The impact described in the source material is full arbitrary code execution on the server, which aligns with a critical CVSS 10.0 classification and CWE-94-style code injection behavior.

Defensive priority

Immediate. This is an unauthenticated server-side code execution condition with direct integrity, confidentiality, and availability impact.

Recommended defensive actions

  • Identify all ChromaDB Python deployments version 1.0.0 or later and determine whether the affected collections endpoint is reachable.
  • Disable or strictly forbid trust_remote_code for any untrusted or externally supplied model repository content.
  • Restrict access to /api/v2/tenants/{tenant}/databases/{db}/collections behind strong authentication, network controls, and least-privilege authorization.
  • Treat any exposure of this feature to untrusted users as high risk and remove it from public-facing paths until vendor remediation is available.
  • Review logs and host telemetry for unexpected process creation, module loading, or other signs of server-side code execution tied to collection creation or model repository handling.
  • Follow project and vendor guidance from the linked issue and research, and apply a fixed release or mitigation once one is published.

Evidence notes

Source corpus describes the issue as a pre-authentication code injection in the ChromaDB Python project, with arbitrary code execution possible when a malicious model repository is processed and trust_remote_code is true. NVD reference metadata lists the Chroma core GitHub issue and HiddenLayer research article as sources. The CVE was published on 2026-05-18 and modified on 2026-05-19; those dates are used here as the vulnerability timeline context.

Official resources

Publicly disclosed on 2026-05-18 and updated on 2026-05-19. No KEV listing was supplied in the source corpus.