CVE-2026-45832

UNKNOWN 0.0

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints.

CWE	CWE-639
Vendor	chroma
Product	chromadb
Published	Jun 12, 2026
Last Updated	Jun 12, 2026

Stay Ahead of the Next One

Get instant alerts for chroma chromadb

Be the first to know when new unknown vulnerabilities affecting chroma chromadb are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Chroma / ChromaDB

0.5.0 ≤ *

References

NVD ↗ CVE.org ↗ EPSS Data ↗

hiddenlayer.com: https://www.hiddenlayer.com/sai-security-advisory/2026-06-chromadb-4