HiddenLayer has disclosed a maximum-severity unauthenticated remote-code-execution vulnerability, CVE-2026-45829, in ChromaDB's Python FastAPI server. ChromaDB is one of the most popular vector databases backing retrieval-augmented-generation pipelines, with about 14 million monthly PyPI downloads. A vulnerable endpoint marked as authenticated lets an attacker embed model settings before authentication is checked, so a crafted request makes ChromaDB load a malicious model from Hugging Face and execute it locally. The auth check fires only after the payload has already run. The bug was introduced in 1.0.0 and was still present in 1.5.8. HiddenLayer's Shodan sweep shows ~73% of internet-exposed Chroma instances are vulnerable.
Google's Threat Intelligence Group says it caught the first known case of a real attacker using a large language model to find and weaponize a zero-day - a 2FA bypass in a popular but unnamed open-source web-based system administration tool. Google has high confidence the Python exploit was AI-generated, citing textbook code structure, abundant educational docstrings, and a hallucinated CVSS score in the script. The flaw was a high-level logic bug, the kind LLMs excel at spotting, rather than a memory corruption issue. Google rules out Gemini and warns that AI-assisted exploit development is being industrialized via account-pooling and proxy relays for premium models.
Attackers didn't wait for a proof-of-concept. Within 20 hours of CVE-2026-33017 being disclosed in Langflow - an open-source AI workflow builder with 145K+ GitHub stars - they built working exploits straight from the advisory. One crafted HTTP POST to the public flow endpoint is all it takes, no credentials needed. Compromised instances leak API keys for OpenAI, AWS, and connected databases.