Severity: HIGH | CVE-2026-45832 | CNA: HiddenLayer

CVE-2026-45832: All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints


Metrics

  • CVSS v4.0: 8.8
  • Severity: HIGH
  • Fixed in: no fix version published upstream
  • Affected Products: 1


HarborGuard Analysis

Synopsis

This is an authorization bypass vulnerability in ChromaDB's Python project. All V1 collection-level API endpoints pass None instead of the actual tenant and database values to the authorization layer, meaning any low-privilege authenticated user can bypass access controls by targeting those endpoints over the network. Successful exploitation gives the attacker read and write access to collection data across tenant and database boundaries, effectively nullifying ChromaDB's multi-tenant isolation. No fix version has been published; HarborGuard tracks this advisory and will make a patched rebuild available as soon as an upstream fix is released.
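The bug class the synopsis describes, as an added illustration that is not ChromaDB's code: a constructed authorization layer beside two handler shapes, one that passes None for tenant and database (the V1 behaviour described above) and one that passes the resolved scope. All names, grants, the collection registry and the fail-open behaviour of the weak authorization layer are assumptions.

```python
# Constructed model of the CVE-2026-45832 bug class, not ChromaDB's own code.
# A handler that passes tenant=None/database=None into the authorization
# layer widens access; the fixes are to propagate the resolved scope and to
# make the authorization layer fail closed when scope is missing.
from dataclasses import dataclass
from typing import Callable, FrozenSet, Optional

@dataclass(frozen=True)
class Grant:
    tenant: str
    database: str
    action: str  # "read" or "write"

@dataclass(frozen=True)
class Principal:
    name: str
    grants: FrozenSet[Grant]

# Constructed collection registry: collection name -> (tenant, database)
COLLECTIONS = {"docs": ("tenant-a", "db-main"), "hr-records": ("tenant-b", "db-main")}
AuthzFn = Callable[[Principal, str, Optional[str], Optional[str]], bool]

def authorize_fail_open(p: Principal, action: str, tenant: Optional[str],
                        database: Optional[str]) -> bool:
    """Assumed weak layer: missing scope is read as 'unscoped', so a grant
    for the action in any tenant/database satisfies the check."""
    if tenant is None or database is None:
        return any(g.action == action for g in p.grants)
    return Grant(tenant, database, action) in p.grants

def authorize_fail_closed(p: Principal, action: str, tenant: Optional[str],
                          database: Optional[str]) -> bool:
    """Hardened layer: a missing scope is a caller bug; deny, never widen."""
    if tenant is None or database is None:
        return False
    return Grant(tenant, database, action) in p.grants

def v1_style_read(authz: AuthzFn, p: Principal, collection: str) -> bool:
    """Buggy handler shape: scope is resolvable but None is passed through."""
    return authz(p, "read", None, None)

def fixed_read(authz: AuthzFn, p: Principal, collection: str) -> bool:
    """Fixed handler shape: resolve the collection's scope and pass it on."""
    tenant, database = COLLECTIONS[collection]
    return authz(p, "read", tenant, database)

# Constructed low-privilege user: read grant only in tenant-a / db-main
LOW_PRIV = Principal("alice", frozenset({Grant("tenant-a", "db-main", "read")}))
```

With the weak layer, the None-passing handler lets the tenant-a user read a tenant-b collection; either fix alone closes that path, and a fail-closed layer also turns any remaining None-passing caller into a visible denial rather than a silent bypass.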

HarborGuard Coverage

Detection (Available)

Detection of CVE-2026-45832 is available across every HarborGuard environment. The CVE is ingested from upstream feeds within minutes of publication and matched against customer images, including custom-built images that bundle ChromaDB, in both registry scans and active CI/CD pipeline checks.

Triage (Available)

Triage is available with CVSS v4.0 scoring at 8.8 (HIGH), weighted against each customer environment's compliance policy to determine priority. Findings are routed to the appropriate team inbox within the customer organization based on policy configuration.

Patch (Pending upstream)

Because no fix version has been published upstream, HarborGuard re-checks this advisory on every ingest cycle and will make a patched-image rebuild available the moment an upstream fix is released. For customers with auto-remediation enabled, the rebuild, regression-test run, and PR against affected workloads will be triggered automatically at that point.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the ChromaDB service over the network to send crafted V1 API requests.

  • Authentication: Required

    A low-privilege account is sufficient; any authenticated user can issue V1 requests and trigger the bypass.

  • Victim interaction: Not required

    No victim interaction is needed; the attacker sends requests directly to the API without any social engineering step.

  • Attack complexity

    Exploitation is reliable under normal conditions (AC:L), though the AT:P token (Attack Requirements: Present) indicates that a specific deployment configuration or timing prerequisite may need to be in place.

Blast Radius

  • Reads collection data belonging to other tenants or databases, bypassing the isolation that the authorization layer is intended to enforce.
  • Writes to or modifies collection data in tenants and databases the attacker has no legitimate access to, allowing data tampering across organizational boundaries.
  • Affects both the ChromaDB instance itself and any upstream or downstream systems that rely on ChromaDB's tenant isolation for their own access decisions (the SC:H/SI:H components of the vector).

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-45832 is active against all customer images containing ChromaDB, including custom-built images, with no configuration required. Because no upstream fix exists as of publication, HarborGuard monitors the advisory on every ingest cycle and will surface a patched-image rebuild automatically once ChromaDB ships a fix. Where compliance policy permits, customers with auto-remediation enabled will receive a rebuilt image, a regression-test run, and a PR opened against affected workloads with no manual intervention needed. In the interim, compensating controls worth considering include network-policy isolation to restrict which services and users can reach ChromaDB's V1 endpoints, egress filtering to limit lateral movement from a compromised ChromaDB instance, and, where architecturally feasible, routing all collection-level traffic through V2 endpoints if those correctly propagate tenant and database context to the authorization layer.

Affected packages
  • Chroma / ChromaDB: versions ≤ * (no fixed version published)
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N