Filtered by vendor Chroma
Subscriptions
Filtered by product Chromadb
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-45829 | 1 Chroma | 1 Chromadb | 2026-05-19 | 10.0 Critical |
| A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in theĀ /api/v2/tenants/{tenant}/databases/{db}/collections endpoint. | ||||
Page 1 of 1.