CVE-2026-45831: The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project eva
Summary
ChromaDB Python versions 0.5.0 and later contain a vulnerability in the SimpleRBACAuthorizationProvider (a tool that checks user permissions) where it verifies that a user has permission to do something but fails to check which tenant, database, or collection that permission applies to. This allows users to perform actions across different tenants (separate customer environments) that they shouldn't be able to access.
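The flaw class described in the summary, shown as an added example that is not ChromaDB's code: an action-only permission check beside a resource-scoped one. The Grant/Request model, user names, action strings and policy are constructed assumptions for illustration.

```python
from collections import namedtuple

# Hypothetical model (not ChromaDB's API): a grant binds an action to a
# tenant, optionally narrowed to a database and collection ("*" = any).
Grant = namedtuple("Grant", "action tenant database collection", defaults=("*", "*"))
Request = namedtuple("Request", "user action tenant database collection")

# Constructed sample policy: each user is confined to a single tenant.
GRANTS = {
    "alice": [Grant("collection:read", "tenant-a"),
              Grant("collection:write", "tenant-a", "prod")],
    "bob": [Grant("collection:read", "tenant-b")],
}

def authorize_action_only(req):
    """Flawed pattern: the action name is matched, the target resource is ignored."""
    return any(g.action == req.action for g in GRANTS.get(req.user, []))

def _covers(granted, requested):
    return granted == "*" or granted == requested

def authorize_scoped(req):
    """One grant must match the action AND the tenant/database/collection."""
    return any(
        g.action == req.action
        and g.tenant == req.tenant  # tenant is compared exactly, never wildcarded
        and _covers(g.database, req.database)
        and _covers(g.collection, req.collection)
        for g in GRANTS.get(req.user, [])
    )

def audit(requests):
    """Requests the action-only check allows but the scoped check denies."""
    return [r for r in requests
            if authorize_action_only(r) and not authorize_scoped(r)]

# Constructed requests covering same-tenant, cross-tenant, cross-database
# and missing-action cases.
SAMPLE = [
    Request("alice", "collection:read", "tenant-a", "prod", "docs"),
    Request("alice", "collection:read", "tenant-b", "prod", "docs"),
    Request("alice", "collection:write", "tenant-a", "dev", "docs"),
    Request("bob", "collection:delete", "tenant-b", "prod", "docs"),
]
```

Running audit(SAMPLE) over replayed authorization decisions is a quick regression check that a policy engine denies cross-tenant and cross-database requests.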
Vulnerability Details
EPSS: 0.0%
June 12, 2026
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2026-26190: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus expose
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-45831
First tracked: June 12, 2026 at 08:09 PM
Classified by LLM (prompt v3) · confidence: 92%