CVE-2026-45829
Code Injection in ChromaDB Python Project
Publication date: 2026-05-18
Last updated on: 2026-05-19
Assigner: HiddenLayer
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chromadb | chromadb | From 1.0.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The impact of this vulnerability is severe because it allows an attacker to run arbitrary code on the server without any authentication. This can lead to full system compromise, data theft, data corruption, service disruption, or further attacks within the affected environment.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for requests to the /api/v2/tenants/{tenant}/databases/{db}/collections endpoint where the parameter trust_remote_code is set to true. Suspicious or unexpected requests containing a malicious model repository payload targeting this endpoint may indicate exploitation attempts.
To detect potential exploitation, you can use network monitoring tools or web server logs to filter for such requests. For example, using command-line tools like curl or wget to simulate requests or grep to search logs for the specific endpoint and parameter.
- Use grep to search server logs for suspicious requests: grep "/api/v2/tenants/.*?/databases/.*?/collections" /var/log/nginx/access.log | grep "trust_remote_code=true"
- Use tcpdump or Wireshark to capture and analyze HTTP traffic targeting the vulnerable endpoint.
- Use curl to test the endpoint with trust_remote_code set to true and observe the response: curl -X POST "http://yourserver/api/v2/tenants/tenant/databases/db/collections" -d '{"trust_remote_code": true, "model_repository": "malicious_payload"}' -H "Content-Type: application/json"
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling the trust_remote_code option or ensuring it is never set to true, as this setting allows execution of arbitrary code from untrusted sources.
Additionally, update the ChromaDB Python project to a patched version if available, or apply any official security patches provided by the maintainers.
Restrict access to the vulnerable API endpoint by implementing proper authentication and network-level controls to prevent unauthenticated attackers from reaching it.
- Set trust_remote_code to false or remove it from requests.
- Apply security updates or patches from the ChromaDB project.
- Implement authentication and authorization on the /api/v2/tenants/{tenant}/databases/{db}/collections endpoint.
- Monitor logs and network traffic for suspicious activity targeting this vulnerability.
Can you explain this vulnerability to me?
This vulnerability is a pre-authentication code injection flaw in the ChromaDB Python project version 1.0.0 or later. It allows an unauthenticated attacker to execute arbitrary code on the server by sending a specially crafted malicious model repository along with the parameter trust_remote_code set to true to a specific API endpoint.