Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 16 Jun 2026 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Trychroma
Trychroma chromadb |
|
| CPEs | cpe:2.3:a:trychroma:chromadb:*:*:*:*:*:python:*:* | |
| Vendors & Products |
Trychroma
Trychroma chromadb |
|
| Metrics |
cvssV3_1
|
cvssV3_1
|
Mon, 15 Jun 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Authenticated Authorization Bypass Enables Arbitrary Tenant Data Access in ChromaDB | chromadb: ChromaDB: Unauthorized data manipulation due to improper authorization validation |
| Weaknesses | CWE-266 | |
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
Fri, 12 Jun 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Authenticated Authorization Bypass Enables Arbitrary Tenant Data Access in ChromaDB | |
| First Time appeared |
Chroma
Chroma chromadb |
|
| Vendors & Products |
Chroma
Chroma chromadb |
Fri, 12 Jun 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 12 Jun 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to. | |
| Weaknesses | CWE-639 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: HiddenLayer
Published:
Updated: 2026-06-30T12:10:18.404Z
Reserved: 2026-05-13T14:01:39.604Z
Link: CVE-2026-45830
Updated: 2026-06-30T03:18:58.305Z
Status : Analyzed
Published: 2026-06-12T16:16:28.660
Modified: 2026-06-16T15:07:46.483
Link: CVE-2026-45830
OpenCVE Enrichment
Updated: 2026-06-15T14:00:12Z