{"data":{"id":"ddb4679b-e903-4693-9ef6-542e94971b61","title":"CVE-2026-45830: A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated user to read, write, change, or delete data in any tenant's collection","summary":"ChromaDB (a Python tool for managing data collections) versions 0.4.17 and later have a security flaw: authorization validation (checking whether a user is allowed to access a given resource) is missing. As a result, any user who is already logged in can read, write, change, or delete data in any tenant's collection (a tenant is an isolated workspace within a shared deployment), even one they should not have access to. The severity is rated HIGH, with a CVSS score of 8.8 (CVSS is a 0-10 scale measuring how serious a vulnerability is).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-45830","publishedAt":"2026-06-12T16:16:28.660Z","cveId":"CVE-2026-45830","cweIds":["CWE-639"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["ChromaDB"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-12T16:16:28.660Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"rag","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}