Authentication bypass flaw in ChromaDB vector database enables remote code execution via model loading
Summary
A critical authentication bypass vulnerability (CVE-2026-45829) in ChromaDB, a widely used open-source vector database for AI applications, allows unauthenticated attackers to remotely execute arbitrary code on exposed servers. The flaw stems from an improperly placed authentication check in the Python FastAPI implementation: a crafted request makes the server load and execute a malicious model from Hugging Face before authentication is enforced. Impacted deployments are those exposing the ChromaDB API over HTTP; the PyPI package is downloaded nearly 14 million times a month. Local deployments and those using the Rust frontend are unaffected.
Timeline
- 20.05.2026 01:25 · 1 article
Authentication bypass in ChromaDB vector database (CVE-2026-45829) disclosed
A critical authentication bypass vulnerability (CVE-2026-45829) in ChromaDB's Python FastAPI implementation was disclosed, enabling unauthenticated remote code execution via model loading that happens before the authentication check. The flaw affects versions 1.0.0 through 1.5.8 and impacts exposed HTTP endpoints. Shodan data indicates 73% of internet-exposed instances are vulnerable. Whether version 1.5.9 resolves the issue remains unconfirmed.
Sources:
- Max-severity flaw in ChromaDB for AI apps allows server hijacking — www.bleepingcomputer.com — 20.05.2026 01:25
Information Snippets
- CVE-2026-45829 affects ChromaDB versions 1.0.0 to 1.5.8; the flaw was introduced in the Python FastAPI implementation of the ChromaDB API server logic.
First reported: 20.05.2026 01:25 (1 source, 1 article)
- Max-severity flaw in ChromaDB for AI apps allows server hijacking — www.bleepingcomputer.com — 20.05.2026 01:25
- The vulnerability allows unauthenticated attackers to bypass authentication by embedding malicious model settings in a crafted request, forcing the server to load and execute a model from Hugging Face before the authentication check occurs.
First reported: 20.05.2026 01:25 (1 source, 1 article)
- Max-severity flaw in ChromaDB for AI apps allows server hijacking — www.bleepingcomputer.com — 20.05.2026 01:25
- Exploitation requires the ChromaDB API to be exposed over HTTP; local deployments and deployments using the Rust frontend are not affected.
First reported: 20.05.2026 01:25 (1 source, 1 article)
- Max-severity flaw in ChromaDB for AI apps allows server hijacking — www.bleepingcomputer.com — 20.05.2026 01:25
- Shodan queries indicate approximately 73% of internet-exposed ChromaDB instances are running vulnerable versions.
First reported: 20.05.2026 01:25 (1 source, 1 article)
- Max-severity flaw in ChromaDB for AI apps allows server hijacking — www.bleepingcomputer.com — 20.05.2026 01:25
- The maintainer released version 1.5.9 two weeks prior to the report, but it remains unconfirmed whether CVE-2026-45829 has been patched in it.
First reported: 20.05.2026 01:25 (1 source, 1 article)
- Max-severity flaw in ChromaDB for AI apps allows server hijacking — www.bleepingcomputer.com — 20.05.2026 01:25
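The scoping facts reported above (affected range 1.0.0 to 1.5.8, HTTP exposure and the Python frontend as preconditions, 1.5.9 not confirmed fixed) are what a defender needs to triage a fleet. The following Python is an added example, not code from ChromaDB or the cited article; the host names in the inventory are constructed and the outcome labels are this example's own.

```python
import re
from typing import Dict, Iterable, List, Tuple

# Affected range as reported on this page: 1.0.0 through 1.5.8 inclusive.
# Tuple slot 4 is the pre-release rank; 4 marks a final release.
AFFECTED_MIN = (1, 0, 0, 4, 0)
AFFECTED_MAX = (1, 5, 8, 4, 0)

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-.]?(dev|a|b|rc)\.?(\d+))?$")
_PRE_RANK = {"dev": 0, "a": 1, "b": 2, "rc": 3}

def parse_version(text: str) -> Tuple[int, int, int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH[pre-release]' into a sortable tuple; as in PEP 440,
    '1.5.9rc1' -> (1, 5, 9, 3, 1) sorts above '1.5.8' and below '1.5.9'."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, pre, pre_num = m.groups()
    rank = _PRE_RANK[pre] if pre else 4
    return (int(major), int(minor), int(patch), rank, int(pre_num or 0))

def triage(version: str, exposed_over_http: bool, frontend: str = "python") -> str:
    """Classify one deployment against CVE-2026-45829 using only what the report
    states: HTTP exposure and the Python frontend are preconditions, 1.0.0-1.5.8
    is affected, and 1.5.9 is not confirmed to contain the fix."""
    if not exposed_over_http or frontend.lower() == "rust":
        return "not_affected"            # local use or Rust frontend: out of scope
    v = parse_version(version)
    if v < AFFECTED_MIN:
        return "outside_reported_range"  # pre-1.0.0 builds are not covered by the report
    if v <= AFFECTED_MAX:
        return "affected"                # isolate from the network until patched
    return "fix_unconfirmed"             # 1.5.9 and later: do not assume the flaw is closed

def triage_inventory(records: Iterable[Tuple[str, str, bool, str]]) -> Dict[str, List[str]]:
    """Group (host, version, exposed_over_http, frontend) records by outcome so the
    'affected' hosts can be prioritised for isolation and patching."""
    groups: Dict[str, List[str]] = {}
    for host, version, exposed, frontend in records:
        groups.setdefault(triage(version, exposed, frontend), []).append(host)
    return groups

# Constructed sample inventory with hypothetical host names, not real deployments.
SAMPLE_INVENTORY = [
    ("rag-prod-1", "1.5.8", True, "python"),
    ("rag-canary", "1.5.9rc1", True, "python"),
    ("rag-prod-2", "1.5.9", True, "python"),
    ("rag-rust", "1.5.2", True, "rust"),
    ("dev-laptop", "1.3.0", False, "python"),
]
```

Pre-release builds are ordered as PEP 440 does, so a 1.5.9 release candidate is not mistaken for a patched 1.5.8 and lands in the same "fix unconfirmed" bucket as 1.5.9 itself.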