CVE-2026-45832
Summary
| CVE | CVE-2026-45832 |
|---|---|
| State | PUBLISHED |
| Assigner | HiddenLayer |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-12 16:16:28 UTC |
| Updated | 2026-07-15 02:22:07 UTC |
| Description | All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints. |
Risk And Classification
Primary CVSS: v4.0 8.8 HIGH from 6f8de1f0-f67e-45a6-b68f-98777fdb759c
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.002840000 probability, percentile 0.201760000 (date 2026-07-04)
Problem Types: CWE-639 | CWE-551 | CWE-639 CWE-639 Authorization bypass through User-Controlled key | CWE-551 Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | 6f8de1f0-f67e-45a6-b68f-98777fdb759c | Secondary | 8.8 | HIGH | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/C... |
| 4.0 | CNA | CVSS | 8.8 | HIGH | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N |
| 3.1 | [email protected] | Primary | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | ADP | CVSS | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
| 3.1 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | Secondary | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
CVSS v4.0 Breakdown
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS v3.1 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Chroma | ChromaDB | affected 0.5.0 * custom | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux AI RHEL AI 3 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux AI RHEL AI 3 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux AI RHEL AI 3 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux AI RHEL AI 3 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift AI RHOAI | Not specified | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.hiddenlayer.com/sai-security-advisory/2026-06-chromadb-4 | 6f8de1f0-f67e-45a6-b68f-98777fdb759c | www.hiddenlayer.com | Third Party Advisory |
| access.redhat.com/security/cve/CVE-2026-45832 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45832.json | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | security.access.redhat.com | |
| bugzilla.redhat.com/show_bug.cgi | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | bugzilla.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| ADP | 2026-06-12T16:01:11.219Z | Reported to Red Hat. |
| ADP | 2026-06-12T15:11:46.697Z | Made public. |
Workarounds
ADP: To mitigate this issue, restrict network access to the ChromaDB instance to trusted clients only. Configure firewall rules to limit inbound connections to the ports used by ChromaDB. This will reduce the attack surface by preventing unauthorized remote access to the vulnerable V1 collection-level endpoints. After applying firewall rules, ensure to reload or restart the firewall service for the changes to take effect.