NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-45829

Summary	A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in the /api/v2/tenants/{tenant}/databases/{db}/collections endpoint.
Publication Date	May 19, 2026, 2:16 a.m.
Registration Date	May 19, 2026, 4:15 a.m.
Last Update	May 19, 2026, 2:16 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/chroma-core/chroma/issues/6717	6f8de1f0-f67e-45a6-b68f-98777fdb759c
2	https://www.hiddenlayer.com/research/chromatoast-served-pre-auth	6f8de1f0-f67e-45a6-b68f-98777fdb759c

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-94	コード・インジェクション	https://cwe.mitre.org/data/definitions/94.html