Last updated: July 5, 2026 at 9:01 AM UTC
Tag: ai (3 articles)

ChromaDB CVE-2026-45829: unauthenticated RCE via pre-auth model load - 73% of internet-exposed servers vulnerable

HiddenLayer has disclosed CVE-2026-45829, a maximum-severity unauthenticated remote-code-execution vulnerability in ChromaDB's Python FastAPI server. ChromaDB is one of the most popular vector databases behind retrieval-augmented-generation pipelines, at roughly 14 million monthly PyPI downloads. An endpoint that is nominally authenticated processes attacker-supplied embedding-model settings before the authentication check runs: a crafted request makes ChromaDB fetch the model named in the request from Hugging Face and execute it locally, and the auth check only fires after that payload has already run. The bug was introduced in 1.0.0 and was still present in 1.5.8. HiddenLayer's Shodan sweep found roughly 73% of internet-exposed Chroma instances vulnerable.

Check
Inventory Python ChromaDB deployments and their versions. Check whether each FastAPI HTTP server is reachable from beyond its host network. Preserve access logs for the /api/v1/auth endpoints from 2026-02-17 onward.
Affected
ChromaDB Python FastAPI server, 1.0.0 through at least 1.5.8 (1.5.9 status unclear), wherever the HTTP server is exposed to the network. The Rust frontend and local-only Python deployments that do not expose the HTTP server are not affected.
Fix
Move to the Rust frontend, or take the Python HTTP server off the network and front it with an authenticated reverse proxy. Restrict the ChromaDB API port to localhost or VPC-only.
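The ordering mistake behind this bug, shown as an added illustration rather than ChromaDB's code: a handler that deserialises attacker-controlled embedding-model settings, with model loading as a side effect of that parsing, before it authenticates the caller, next to the hardened ordering. The token, repo names and allowlist are constructed for the example; the `ModelLoader` only records what would have been fetched and executed.

```python
"""Model of the pre-auth side-effect bug class behind CVE-2026-45829.

Added, simplified illustration; not ChromaDB's code. The point is the
order of operations: authenticate first, then touch untrusted input, and
never let deserialisation alone trigger code execution.
"""
from dataclasses import dataclass, field

# Constructed values for the example; a real server's token and repos differ.
API_TOKEN = "constructed-example-token"
ALLOWED_MODEL_REPOS = {"sentence-transformers/all-MiniLM-L6-v2"}


@dataclass
class Request:
    headers: dict
    body: dict


@dataclass
class ModelLoader:
    """Stand-in for the code path that downloads a model and executes it."""
    loaded: list = field(default_factory=list)

    def load(self, repo_id: str) -> None:
        # In the real bug this fetched from Hugging Face and ran local code;
        # here it only records which repo would have been executed.
        self.loaded.append(repo_id)


def is_authenticated(req: Request) -> bool:
    return req.headers.get("Authorization") == f"Bearer {API_TOKEN}"


def build_embedding_config(body: dict, loader: ModelLoader) -> dict:
    """Parse embedding settings from the body. Loading the model is a side
    effect of parsing, which is exactly why ordering matters."""
    cfg = body.get("embedding_function", {})
    repo = cfg.get("model_repo")
    if repo:
        loader.load(repo)
    return cfg


def vulnerable_handler(req: Request, loader: ModelLoader):
    # BUG: the untrusted body is processed, and the model executed, ...
    cfg = build_embedding_config(req.body, loader)
    # ... before the caller is authenticated. The 401 arrives too late.
    if not is_authenticated(req):
        return 401, {"error": "unauthorized"}
    return 200, {"embedding_function": cfg}


def hardened_handler(req: Request, loader: ModelLoader):
    # 1. Authenticate before touching any untrusted field.
    if not is_authenticated(req):
        return 401, {"error": "unauthorized"}
    # 2. Even for authenticated callers, never load an arbitrary repo
    #    (allowlist is an assumed defence-in-depth control, not ChromaDB's).
    repo = req.body.get("embedding_function", {}).get("model_repo")
    if repo and repo not in ALLOWED_MODEL_REPOS:
        return 403, {"error": f"model repo not allowlisted: {repo}"}
    cfg = build_embedding_config(req.body, loader)
    return 200, {"embedding_function": cfg}


def run_demo() -> dict:
    """Send the same unauthenticated request to both handlers and report
    whether the attacker's (constructed) model repo got loaded."""
    attack = Request(
        headers={},
        body={"embedding_function": {"model_repo": "attacker/backdoored-model"}},
    )
    v_loader, h_loader = ModelLoader(), ModelLoader()
    v_status, _ = vulnerable_handler(attack, v_loader)
    h_status, _ = hardened_handler(attack, h_loader)
    return {
        "vulnerable": {"status": v_status, "loaded": v_loader.loaded},
        "hardened": {"status": h_status, "loaded": h_loader.loaded},
    }


if __name__ == "__main__":
    print(run_demo())
```

Both handlers return 401 to the unauthenticated request, which is why the bug is easy to miss in a black-box test: the difference is only visible in what ran before the 401 was sent.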

Google says hackers used AI to build first known zero-day for 2FA bypass in unnamed web admin tool

Google's Threat Intelligence Group says it caught the first known case of a real attacker using a large language model to find and weaponize a zero-day: a 2FA bypass in a popular but unnamed open-source web-based system administration tool. Google has high confidence the Python exploit was AI-generated, citing its textbook code structure, abundant educational docstrings, and a hallucinated CVSS score embedded in the script. The flaw was a high-level logic bug, the kind LLMs are good at spotting, rather than memory corruption. Google rules out Gemini as the model used and warns that AI-assisted exploit development is being industrialized through account pooling and proxy relays for premium models.

Check
Audit the open-source web-based system administration tools your team self-hosts (Webmin, Cockpit, ISPConfig, etc.). Check whether 2FA is the only barrier in front of admin access, and review recent admin logins for anomalies.
Affected
The specific product remains undisclosed: Google notified the developer and the attack was disrupted before mass exploitation. More generally, any popular open-source web-based system administration tool whose 2FA step is enforced by an application-level logic check rather than bound tightly to the authenticated session is exposed to this class of AI-discovered logic bug.
Fix
Watch for the vendor advisory once Google's reporting names the product. In the meantime, layer additional controls in front of any web admin panel: put it behind a VPN or zero-trust gateway, require source-IP allowlisting, and rotate admin credentials. Treat 2FA-only protection on an internet-exposed admin tool as a single point of failure regardless of vendor.

Langflow AI platform RCE exploited within 20 hours of disclosure - no auth required (CVE-2026-33017)

Attackers did not wait for a proof of concept. Within 20 hours of CVE-2026-33017 being disclosed in Langflow, an open-source AI workflow builder with 145K+ GitHub stars, they built working exploits straight from the advisory. One crafted HTTP POST to the public flow endpoint is all it takes, and no credentials are needed. Compromised instances leak API keys for OpenAI, AWS, and connected databases.

Check
Inventory every Langflow instance and its version, prioritising any reachable from the internet.
Affected
Langflow <= 1.8.1.
Fix
Upgrade to Langflow 1.9.0. If you cannot patch immediately, take instances offline or block the /api/v1/build_public_tmp endpoint at the reverse proxy, and rotate any API keys that were stored in exposed instances.
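Two checks a practitioner would run against this advisory, as an added example that is not Langflow's own tooling: a sweep of reverse-proxy access logs for POST requests to the /api/v1/build_public_tmp endpoint (flagging external sources), and a version triage that follows the advisory's bounds (affected up to 1.8.1, fixed at 1.9.0) while marking anything in between as unverified rather than guessing. The log format is assumed to be NGINX/Apache combined; the sample lines, IPs, flow IDs and internal ranges are constructed for the example.

```python
"""Triage helpers for CVE-2026-33017 (Langflow). Added example, not
Langflow's code. Assumes combined-format access logs; everything in
SAMPLE_LOG is constructed for illustration."""
import ipaddress
import re

TARGET_PATH = "/api/v1/build_public_tmp"
LAST_AFFECTED = (1, 8, 1)   # per the advisory: <= 1.8.1
FIXED_VERSION = (1, 9, 0)   # per the advisory: upgrade to 1.9.0
# Assumed RFC 1918 ranges used to separate internal from external sources.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample: two external POSTs, one internal POST, two benign requests.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jun/2026:03:14:01 +0000] "POST /api/v1/build_public_tmp/example-flow-1 HTTP/1.1" 200 512 "-" "python-requests/2.32.0"
10.0.0.5 - - [12/Jun/2026:03:14:05 +0000] "GET /api/v1/flows/ HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Jun/2026:03:14:09 +0000] "POST /api/v1/build_public_tmp/example-flow-2 HTTP/1.1" 500 77 "-" "python-requests/2.32.0"
192.168.1.20 - - [12/Jun/2026:03:15:30 +0000] "POST /api/v1/build_public_tmp/example-flow-1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.22 - - [12/Jun/2026:03:16:00 +0000] "GET /health HTTP/1.1" 200 2 "-" "curl/8.5.0"
"""


def parse_line(line: str):
    """Parse one combined-format line into a dict, or None if it doesn't match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_external(ip: str) -> bool:
    """True unless the address falls inside an assumed internal range."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True  # unparseable source: treat as untrusted
    return not any(addr in net for net in INTERNAL_NETS)


def find_exploit_attempts(lines):
    """Return every POST to the vulnerable endpoint (any sub-path), with
    source, timestamp, status and whether the source is external.
    A 500 still counts: a failed attempt is still an attempt."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] == "POST" and rec["path"].startswith(TARGET_PATH):
            hits.append({"ip": rec["ip"], "ts": rec["ts"], "path": rec["path"],
                         "status": rec["status"], "external": is_external(rec["ip"])})
    return hits


def summarize_by_source(hits):
    """Count attempts per source IP so the noisiest sources surface first."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: -kv[1]))


def langflow_status(version: str) -> str:
    """'affected' (<= 1.8.1), 'fixed' (>= 1.9.0), or 'unverified' for
    anything between, which the advisory does not cover."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return "unverified"
    v = tuple(int(x) for x in m.groups())
    if v <= LAST_AFFECTED:
        return "affected"
    if v >= FIXED_VERSION:
        return "fixed"
    return "unverified"


if __name__ == "__main__":
    found = find_exploit_attempts(SAMPLE_LOG.splitlines())
    for h in found:
        print(h)
    print(summarize_by_source(found))
    for ver in ("1.8.1", "1.8.2", "1.9.0"):
        print(ver, langflow_status(ver))
```

Run it against real logs with `find_exploit_attempts(open(path))`; the internal hit in the sample is kept in the output on purpose, since an attacker who already has a foothold will come from an internal address.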