How is CVE-2026-8828 exploited?

Network reachability (required): The attacker must reach the ChromaDB service over the network; the CVSS vector specifies AV:N, meaning no local or physical access is required. Authentication (required): A low-privilege account is sufficient; the CVSS vector specifies PR:L, so any valid authenticated user can trigger the vulnerability without needing admin rights. Victim interaction (not-required): No victim action is needed; the CVSS vector specifies UI:N, so the attacker can exploit the flaw entirely on their own. Attack complexity (info): The CVSS vector specifies AC:L with AT:P (attack requirements: present), meaning the exploit itself is straightforward but depends on the presence of multi-tenant data in the instance; no race condition or special memory layout is needed.

What is the impact of CVE-2026-8828?

Reads stored records, embeddings, and metadata from any tenant's collection, regardless of tenant ownership. Writes or overwrites data into any tenant's collection, injecting arbitrary records or embeddings. Updates existing documents or metadata across all tenants, corrupting application state silently. Deletes collections or individual records belonging to any tenant, causing irreversible data loss.

Back to search

HIGHCVE-2026-8828Published 2026-06-12Modified 2026-06-12CNA HiddenLayer

CVE-2026-8828: A lack of authorization validation in version 1

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to.

CVSS v4.0: 8.8
Severity: HIGH
Fixed in: —
Affected Products: 1

HarborGuard Analysis

Synopsis

An authorization bypass in ChromaDB (Rust implementation, version 1.0.0 and later) allows any authenticated user to read, write, update, or delete data across all tenant collections, regardless of which tenant they belong to. The flaw is reachable over the network and requires only a low-privilege account, meaning no special credentials are needed beyond a basic login. Successful exploitation gives an attacker full cross-tenant data access and the ability to modify or destroy any collection. HarborGuard is tracking this advisory and will make a patched-image rebuild available the moment an upstream fix is published.

HarborGuard Coverage

Detection

Detection capability is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images, including custom-built ChromaDB images, in both registry scans and CI/CD pipeline checks.

Available

Triage

HarborGuard is capable of scoring this finding at CVSS 8.8 (High) and weighting it against each environment's compliance policy to surface it at the correct severity tier. Routing rules can direct the alert to the appropriate team inbox within each customer organization based on image ownership and policy configuration.

Available

Patch

Because no upstream fix has been published, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix version appears. For customers with auto-remediation enabled, the rebuild, regression run, and PR against affected workloads will be initiated without manual intervention once a fix is available.

Pending upstream

Exploit Conditions

Network reachabilityRequired
The attacker must reach the ChromaDB service over the network; the CVSS vector specifies AV:N, meaning no local or physical access is required.
AuthenticationRequired
A low-privilege account is sufficient; the CVSS vector specifies PR:L, so any valid authenticated user can trigger the vulnerability without needing admin rights.
Victim interactionNot required
No victim action is needed; the CVSS vector specifies UI:N, so the attacker can exploit the flaw entirely on their own.
Attack complexityDetail
The CVSS vector specifies AC:L with AT:P (attack requirements: present), meaning the exploit itself is straightforward but depends on the presence of multi-tenant data in the instance; no race condition or special memory layout is needed.

Blast Radius

Reads stored records, embeddings, and metadata from any tenant's collection, regardless of tenant ownership.
Writes or overwrites data into any tenant's collection, injecting arbitrary records or embeddings.
Updates existing documents or metadata across all tenants, corrupting application state silently.
Deletes collections or individual records belonging to any tenant, causing irreversible data loss.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-8828 is active across all scanning environments, matching against any image that includes the affected ChromaDB Rust package at version 1.0.0 or later. Because no upstream patch exists yet, HarborGuard monitors the advisory on every ingest cycle and will surface a patched-image rebuild the moment a fix version is published; for customers with auto-remediation enabled, that rebuild, regression run, and pull request against affected workloads will proceed automatically without manual steps. In the interim, compensating controls worth considering include isolating ChromaDB instances behind a network policy that restricts ingress to known internal callers only, enforcing egress filtering to limit lateral movement if a credential is compromised, and auditing which service accounts currently hold valid ChromaDB credentials to reduce the pool of accounts that could be abused. Where compliance policy permits, HarborGuard can flag this finding as requiring manual sign-off until an upstream fix is available.

See how HarborGuard automates this

Affected packages

Chroma / ChromaDB
≤ *

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

References

hiddenlayer.com

Metrics

Get notified