{"data":{"id":"748838e1-1f7b-491c-9f98-f6bd246c813f","title":"CVE-2026-45832: All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer","summary":"CVE-2026-45832 is a vulnerability in ChromaDB's Python project in which all V1 collection-level endpoints (API access points for managing data collections) pass None (an empty/null value) for the tenant and database parameters to the authorization layer. An attacker who holds valid login credentials can bypass authorization controls (the security checks that verify what a user is allowed to do) by calling these older endpoints. The vulnerability has a CVSS score (a 0-10 severity rating) of 8.8, which is high severity.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-45832","publishedAt":"2026-06-12T16:16:28.933Z","cveId":"CVE-2026-45832","cweIds":["CWE-639"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["ChromaDB"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-12T16:16:28.933Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"rag","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}