Last updated: July 5, 2026 at 9:01 AM UTC

ChromaDB CVE-2026-45829: unauthenticated RCE via pre-auth model load - 73% of internet-exposed servers vulnerable

HiddenLayer has disclosed a maximum-severity unauthenticated remote-code-execution vulnerability, CVE-2026-45829, in ChromaDB's Python FastAPI server. ChromaDB is one of the most popular vector databases backing retrieval-augmented-generation pipelines, with about 14 million monthly PyPI downloads. A vulnerable endpoint marked as authenticated lets an attacker embed model settings before authentication is checked, so a crafted request makes ChromaDB load a malicious model from Hugging Face and execute it locally. The auth check fires only after the payload has already run. The bug was introduced in 1.0.0 and was still present in 1.5.8. HiddenLayer's Shodan sweep shows ~73% of internet-exposed Chroma instances are vulnerable.

Check
Inventory Python ChromaDB deployments and their versions. Check whether each FastAPI HTTP server is reachable from beyond its host network. Preserve access logs for requests to /api/v1/auth endpoints from 2026-02-17 onward.
Affected
ChromaDB Python FastAPI server 1.0.0 through at least 1.5.8 (1.5.9 status unclear) that exposes the HTTP server to the network. Rust frontend and local-only Python deployments are not affected.
Fix
Move to the Rust frontend, or take the Python HTTP server off the network and front it with an authenticated reverse proxy. Restrict the ChromaDB API port to localhost or VPC-only.
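A small triage helper for the Check steps above, added here as an example and not HiddenLayer's or Chroma's code. The affected range (1.0.0 through 1.5.8, 1.5.9 unclear), the /api/v1/auth prefix and the 2026-02-17 cutoff are taken from the advisory; the access-log line format, hostnames, client addresses and paths under /api/v1/auth are constructed sample data, not real traffic.

```python
import re
from datetime import date

AFFECTED_MIN = (1, 0, 0)    # bug introduced in 1.0.0 (advisory)
AFFECTED_MAX = (1, 5, 8)    # still present in 1.5.8 (advisory)
UNCLEAR = (1, 5, 9)         # 1.5.9 status unclear (advisory)
CUTOFF = date(2026, 2, 17)  # review /api/v1/auth access logs from here on

def parse_version(s: str) -> tuple:
    """'1.5.8' -> (1, 5, 8); tolerates suffixes such as '1.5.9rc1'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", s)
    if not m:
        raise ValueError(f"unrecognised version: {s!r}")
    return tuple(int(x) for x in m.groups())

def classify(version: str, network_exposed: bool) -> str:
    """Map one Python ChromaDB deployment to the advisory's Affected section."""
    v = parse_version(version)
    if not network_exposed:          # local-only Python deployments are not affected
        return "not affected"
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "vulnerable"
    if v == UNCLEAR:
        return "unclear"
    return "not affected"

# Constructed log format (assumption): "<client> [<YYYY-MM-DD>T<time>] <METHOD> <path> <status>"
LOG_RE = re.compile(r"^(\S+) \[(\d{4}-\d{2}-\d{2})T[^\]]*\] (\w+) (\S+) (\d{3})$")

def auth_requests_since_cutoff(log_lines):
    """Return (client, day, method, path) for /api/v1/auth requests on or after CUTOFF."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, day, method, path, _status = m.groups()
        if path.startswith("/api/v1/auth") and date.fromisoformat(day) >= CUTOFF:
            hits.append((client, day, method, path))
    return hits

SAMPLE_LOG = [  # constructed sample lines; addresses and sub-paths are made up
    "198.51.100.7 [2026-02-16T23:59:01] POST /api/v1/auth/login 401",
    "203.0.113.9 [2026-02-18T04:12:33] POST /api/v1/auth/login 200",
    "10.0.0.5 [2026-03-01T09:00:00] GET /api/v1/collections 200",
    "203.0.113.9 [2026-03-02T11:47:10] POST /api/v1/auth/token 200",
]
```

Feed `classify` one row per deployment from your inventory and `auth_requests_since_cutoff` the retained access logs; anything returned by the second function is a request to review, not proof of compromise.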