{"data":{"id":"d61b1747-7db7-4f42-8140-5cb6cb4a3f8b","title":"CVE-2026-45831: The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project eva","summary":"ChromaDB Python versions 0.5.0 and later contain a vulnerability in the SimpleRBACAuthorizationProvider (an authorization provider that checks user permissions): it verifies that a user holds the permission for the requested action but does not check which tenant, database, or collection that permission applies to. As a result, a user can perform actions on resources in other tenants (separate customer environments) that they should not be able to access.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-45831","publishedAt":"2026-06-12T16:16:28.797Z","cveId":"CVE-2026-45831","cweIds":["CWE-863"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["ChromaDB"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-12T16:16:28.797Z","capecIds":["CAPEC-122"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"rag","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}