CVE-2026-45830: A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated us
Summary
ChromaDB (a Python tool for managing data collections) versions 0.4.17 and later are missing authorization validation (the check that a user should be allowed to access something). As a result, any user who is already logged in can read, write, change, or delete data in any tenant's collection (a shared workspace), even one they should not have access to. The severity is rated HIGH, with a CVSS score of 8.8 (a 0-10 scale measuring how serious a vulnerability is).
Vulnerability Details
EPSS: 0.0%
June 12, 2026
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-45830
First tracked: June 12, 2026 at 08:09 PM