RSS

Max-severity flaw in ChromaDB for AI apps allows server hijacking

sbulaev1 pts0 comments

Max-severity flaw in ChromaDB for AI apps allows server hijacking

Home<br>News<br>Security<br>Max-severity flaw in ChromaDB for AI apps allows server hijacking

Max-severity flaw in ChromaDB for AI apps allows server hijacking

By Bill Toulas

May 19, 2026

06:25 PM

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers.

The flaw is tracked as CVE-2026-45829 and was reported to ChromaDB on February 17. It received the maximum severity score from HiddenLayer, the company that discovered it.

ChromaDB is an open-source vector database and AI retrieval backend used in agentic AI and related applications. It enables retrieving semantically relevant documents during large-language model (LLM) inference.

The flaw affects the codebase containing the vulnerable Python API server logic, so the PyPI package, which has nearly 14 million monthly downloads, is at risk when servers are accessible over HTTP.

Users who deploy it locally without exposing the API server online along with those using the Rust front-end, are not affected by CVE-2026-45829.

According to HiddenLayer, a vulnerable API endpoint marked as authenticated allows attackers to embed model settings before authentication is checked.

An attacker can send a crafted request to force ChromaDB to load a malicious model from the Hugging Face platform and execute it locally. The authentication check is only performed after that step, bypassing security.

&ldquo;The authentication is not missing, [it&rsquo;s] just in the wrong place,&rdquo; explains HiddenLayer.

&ldquo;By the time it fires, the model has already been fetched and executed. The server rejects the request, returns a 500, and the attacker's payload has already run.&rdquo;

Exposure and mitigation

The researchers report that the flaw was introduced in ChromaDB 1.0.0 and was unpatched in version 1.5.8. Two weeks ago, the maintainer released version 1.5.9. However, it remains unclear if the security issue has been fixed.

Since February 17, HiddenLayer researchers have attempted to contact the developer multiple times over email and social media, but received no reply.

BleepingComputer contacted the Chroma team about the status of CVE-2026-45829 but had not received a response by the time of publication. We will update this article if additional details become available.

According to their queries on Shodan, roughly 73% of the internet-exposed instances are running a vulnerable version of Chroma.

Until it becomes clear that CVE-2026-45829 has been patched, the recommendation for impacted users is to pick the Rust frontend for their deployments or avoid exposing the Python server publicly. Another mitigation is to restrict network access to the ChromaDB API port.

The researchers also recommend scanning ML model artifacts before runtime because loading public models with &lsquo;trust_remote_code&rsquo; effectively means executing untrusted code.

The Validation Gap: Automated Pentesting Answers One Question. You Need Six.

Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.<br>This guide covers the 6 surfaces you actually need to validate.

Download Now

Related Articles:

18-year-old NGINX vulnerability allows DoS, potential RCE<br>13-year-old bug in ActiveMQ lets hackers remotely execute commands<br>Max severity Flowise RCE vulnerability now exploited in attacks<br>CISA: New Langflow flaw actively exploited to hijack AI workflows<br>New critical Exim mailer flaw allows remote code execution

AI

Artificial Intelligence

ChromaDB

Python

RCE

Remote Code Execution

Vulnerability

Zero-Day

Bill Toulas

Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.

Previous Article

Next Article

Post a Comment Community Rules

You need to login in order to post a comment

Not a member yet? Register Now

You may also like:

Upcoming Webinar

Popular Stories

New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released

Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

Microsoft confirms Windows 11 security update install issues

Sponsor Posts

Patch management isn't enough. See why privilege is defining security risk today.

Are stolen sessions bypassing your security? Find out for free.

Learn about emerging cyber-enabled cargo theft threats at NMFTA’s conference

Managing Shadow AI: 5 Steps to Secure Employee AI Use Without Killing Productivity

Upcoming Webinar

Login

Username

Password

Remember Me

Sign in anonymously

Sign in with Twitter

Not a member yet? Register Now

Reporter

Help us understand the problem. What is going on with...

chromadb flaw allows server severity security

Related Articles

Elevated error rates on requests to multiple models

recroad9 ptsclaude incident islands rates elevated error

Donald Trump and sons to be 'forever' exempt from tax audits

doener9 ptsdigital access newsletters premium financial times

PopuLoRA: Co-Evolving LLM Populations for Reasoning Self- Play

AMavorParker8 ptstasks model training self populora play

Old Reddit Is Down

Crunsher7 ptsdata autoplay videoplayerelement comments function false

The ultimate female fantasy – A feminist critique of Beauty and the Beast

muge6 ptsbeast story paglia beauty older butler
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.