{"data":{"id":"aabd02fd-49f9-4a6f-855c-0e9d8223c426","title":"CVE-2026-8828: A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated user to read, write, update, or delete data in any tenant's collection","summary":"ChromaDB Rust (version 1.0.0 and later) has a security flaw where authorization validation (checking whether a user has permission to access data) is missing: being authenticated is enough for any logged-in user to read, write, update, or delete data in any tenant's collection (a storage area for data), including collections they have no permission to access. This is rated HIGH severity, with a CVSS score (a 0-10 rating of how severe a vulnerability is) of 8.8.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-8828","publishedAt":"2026-06-12T16:16:34.687Z","cveId":"CVE-2026-8828","cweIds":["CWE-639"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["ChromaDB"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-12T16:16:34.687Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"rag","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}