PatchSiren cyber security CVE debrief
CVE-2026-45830 Chroma CVE debrief
CVE-2026-45830 is a HIGH severity vulnerability in the ChromaDB Python project. It affects versions 0.4.17 or later and allows any authenticated user to arbitrarily read, write, update, or delete data in any tenant's collection, regardless of which tenant that user belongs to. The vulnerability has a CVSS score of 8.8 and was published on [2026-06-12](https://www.cve.org/CVERecord?id=CVE-2026-45830).
- Vendor: Chroma
- Product: ChromaDB
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Users of ChromaDB Python project versions 0.4.17 or later should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The ChromaDB Python project did not properly validate authorization, allowing authenticated users to perform arbitrary actions on any tenant's collection.
Defensive priority
HIGH
Recommended defensive actions
- Update to a version of ChromaDB Python project that has addressed this vulnerability.
- Restrict access to sensitive data and collections.
- Monitor for suspicious activity.
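One way to act on "Monitor for suspicious activity" for this issue is to flag requests where an authenticated user touches a tenant other than their own. The following is an added example, not code from Chroma or from this advisory; the JSON log format, the field names, and the `USER_TENANT` identity map are constructed assumptions to adapt to your own proxy or gateway logs.

```python
import json
from collections import defaultdict

# Constructed identity map (assumption): the tenant each authenticated user belongs to.
USER_TENANT = {"alice": "tenant-a", "bob": "tenant-b"}

# Constructed sample access log, one JSON object per line (hypothetical format).
SAMPLE_LOG = """\
{"ts": "2026-06-12T10:00:01Z", "user": "alice", "tenant": "tenant-a", "collection": "docs", "action": "read"}
{"ts": "2026-06-12T10:00:05Z", "user": "bob", "tenant": "tenant-a", "collection": "docs", "action": "read"}
{"ts": "2026-06-12T10:00:09Z", "user": "bob", "tenant": "tenant-a", "collection": "docs", "action": "delete"}
{"ts": "2026-06-12T10:00:12Z", "user": "carol", "tenant": "tenant-b", "collection": "notes", "action": "write"}
not-json garbage line
{"ts": "2026-06-12T10:00:20Z", "user": "bob", "tenant": "tenant-b", "collection": "notes", "action": "update"}
"""

def find_cross_tenant_access(log_text, user_tenant):
    """Return (findings, unparsed). findings maps user -> events that touched a
    tenant other than the user's own; users with no known tenant are flagged too."""
    findings = defaultdict(list)
    unparsed = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            user, tenant = ev["user"], ev["tenant"]
        except (json.JSONDecodeError, KeyError, TypeError):
            unparsed.append(lineno)  # keep for manual review, do not drop silently
            continue
        home = user_tenant.get(user)  # None means no known tenant membership
        if home != tenant:
            findings[user].append({
                "line": lineno, "home_tenant": home, "target_tenant": tenant,
                "collection": ev.get("collection"), "action": ev.get("action"),
            })
    return dict(findings), unparsed

if __name__ == "__main__":
    findings, unparsed = find_cross_tenant_access(SAMPLE_LOG, USER_TENANT)
    for user, events in findings.items():
        for e in events:
            print(f"{user}: {e['action']} on {e['target_tenant']}/{e['collection']} "
                  f"(home tenant: {e['home_tenant']}, log line {e['line']})")
    print("unparsed lines:", unparsed)
```

Because the flaw lets an authenticated user act on another tenant's collections, requests of this shape look fully authenticated in the logs; the tenant mismatch is the signal to review.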
Evidence notes
Evidence of this vulnerability can be found in the [CVE-2026-45830 CVE record](https://www.cve.org/CVERecord?id=CVE-2026-45830) and the CVE-2026-45830 NVD detail page.
Official resources
- CVE-2026-45830 CVE record (CVE.org)
- CVE-2026-45830 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 6f8de1f0-f67e-45a6-b68f-98777fdb759c
CVE-2026-45830 was published on 2026-06-12T16:16:28.660Z and modified on 2026-06-12T16:23:23.800Z.