CVE-2026-45830
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated user to arbitrarily read, write, update, or delete data in any tenant's collection, regardless of which tenant that user belongs to.
| CWE | CWE-639 |
| Vendor | chroma |
| Product | chromadb |
| Published | Jun 12, 2026 |
| Last Updated | Jun 12, 2026 |
Affected Versions
Chroma / ChromaDB
0.4.17 ≤ *