CVE-2026-45830 | Severity: HIGH | CNA: HiddenLayer

CVE-2026-45830: Lack of authorization validation in ChromaDB 0.4.17 or later

A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated user to arbitrarily read, write, update, or delete data in any tenant's collection, regardless of which tenant the user belongs to.

Metrics

  • CVSS v4.0 score: 8.8
  • Severity: HIGH
  • Fixed in: no fix version published
  • Affected products: 1


HarborGuard Analysis

Synopsis

An authorization bypass vulnerability in ChromaDB (version 0.4.17 and later) allows any authenticated user to read, write, update, or delete data across all tenant collections without restriction. The flaw is reachable over the network and requires only a low-privilege account, meaning an attacker with standard credentials can cross tenant boundaries freely. Successful exploitation gives full access to other tenants' stored data and the ability to tamper with or destroy it. HarborGuard is tracking the advisory for patch availability, as no fix version has been published yet.

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-45830 is available across every HarborGuard environment. Ingestion from upstream advisory feeds occurs within minutes of publication, and matching runs against all customer images in connected registries and CI/CD pipelines, including custom-built images that bundle ChromaDB.

Triage: Available

Triage is available using the CVSS v4.0 score of 8.8 (HIGH), weighted against each customer organization's compliance policy to determine priority and routing. Findings are surfaced to the appropriate team inbox within each customer org based on configured policy rules.

Patch: Pending upstream

Because no upstream fix version has been published, HarborGuard re-checks the ChromaDB advisory on every ingest cycle. The moment a patched release is available upstream, a rebuilt image at that version becomes available, and for customers with auto-remediation enabled, HarborGuard will trigger a rebuild, run regression tests, and open a PR against affected workloads.

Exploit Conditions

  • Network reachability: Required

    The vulnerable ChromaDB service must be reachable over the network; the attacker sends crafted API requests directly to it.

  • Authentication: Required

    A low-privilege account is sufficient; any valid ChromaDB user credential satisfies this requirement, but some form of login is necessary.

  • Victim interaction: Not required

    No user interaction is needed; the attacker operates entirely through their own authenticated session without involving another user.

  • Attack complexity: Low, with attack requirements present

    The attack itself needs no special complexity and is reliable (AC:L), but the Attack Requirements metric is Present (AT:P): certain deployment or timing conditions must hold for the cross-tenant access to succeed.

Blast Radius

  • Reads all stored vectors, metadata, and documents in any other tenant's ChromaDB collections, exposing data the attacker has no legitimate access to.
  • Writes or overwrites records in other tenants' collections, allowing poisoning of vector embeddings or injection of malicious data.
  • Updates or deletes arbitrary collection entries across all tenants, enabling permanent data destruction or silent corruption of production datasets.
  • Subsequent-system impact (SC:H, SI:H): systems that consume ChromaDB data inherit the same confidentiality and integrity impact, as tampered or exfiltrated embeddings propagate downstream.
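As an added example (not part of the HarborGuard record or the ChromaDB project), the Python below validates a CVSS v4.0 base vector such as the one published for this CVE and derives the exploit-condition and subsequent-system labels the two sections above list. The label wording is this example's own mapping of the metric values, and numeric scoring is omitted.

```python
import re
# Permitted values for the eleven CVSS v4.0 base metrics, in canonical order.
BASE_METRICS = {
    "AV": "NALP", "AC": "LH", "AT": "NP", "PR": "NLH", "UI": "NPA",
    "VC": "HLN", "VI": "HLN", "VA": "HLN", "SC": "HLN", "SI": "HLN", "SA": "HLN",
}
# Vector published for CVE-2026-45830 on this page.
ADVISORY_VECTOR = "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"

def parse_cvss4(vector: str) -> dict:
    """Return {metric: value} for a base-only CVSS:4.0 vector, else raise ValueError.
    Threat, environmental and supplemental metrics are rejected as unsupported here."""
    prefix, *parts = vector.strip().split("/")
    if prefix != "CVSS:4.0":
        raise ValueError(f"expected CVSS:4.0 prefix, got {prefix!r}")
    metrics = {}
    for part in parts:
        match = re.fullmatch(r"([A-Z]{2}):([A-Z])", part)
        if not match:
            raise ValueError(f"malformed metric component {part!r}")
        key, value = match.groups()
        if key not in BASE_METRICS or key in metrics:
            raise ValueError(f"unknown, unsupported or duplicate metric {key!r}")
        if value not in BASE_METRICS[key]:
            raise ValueError(f"invalid value {value!r} for metric {key!r}")
        metrics[key] = value
    missing = [k for k in BASE_METRICS if k not in metrics]
    if missing:
        raise ValueError(f"missing base metrics: {missing}")
    return metrics

def is_valid_cvss4(vector: str) -> bool:
    """True only if the vector parses as a complete CVSS v4.0 base vector."""
    try:
        parse_cvss4(vector)
        return True
    except ValueError:
        return False

def exploit_conditions(metrics: dict) -> dict:
    """Map base metrics to the precondition labels the advisory lists. No scoring:
    the v4.0 numeric score needs the MacroVector lookup tables."""
    privilege = {"N": "Not required", "L": "Required (low privilege)", "H": "Required (high privilege)"}
    return {
        "network_reachability": "Required" if metrics["AV"] in "NA" else "Not required",
        "authentication": privilege[metrics["PR"]],
        "victim_interaction": "Not required" if metrics["UI"] == "N" else "Required",
        "attack_requirements": "Present" if metrics["AT"] == "P" else "None",
        "subsequent_system_impact": any(metrics[k] == "H" for k in ("SC", "SI", "SA")),
    }
```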

How HarborGuard Handles This

Available on HarborGuard: because no upstream fix for CVE-2026-45830 exists yet, HarborGuard monitors the ChromaDB advisory on every ingest cycle and will make a patched-image rebuild available immediately once an upstream fix is published. In the meantime, customers can apply compensating controls through HarborGuard policy rules: network-policy isolation to restrict ChromaDB API access to known authorized services, egress filtering to limit which workloads can reach the ChromaDB endpoint, and flagging any image bundling ChromaDB 0.4.17 or later for manual review. For customers with auto-remediation enabled, a rebuild plus regression run and PR against affected workloads will be triggered automatically the moment a fix version is ingested from upstream.

Affected packages

  • Chroma / ChromaDB, versions ≤ * (no patched upper bound published)

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N