{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-45829/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"id":"CVE-2026-45829"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["ChromaDB \u003e= 1.0.0"],"_cs_severities":["critical"],"_cs_tags":["chromadb","rce","cve-2026-45829","huggingface","vectordatabase"],"_cs_type":"threat","_cs_vendors":["Chroma"],"content_html":"\u003cp\u003eA critical unpatched vulnerability, CVE-2026-45829 (ChromaToast), exists in ChromaDB, an open-source vector database used in AI applications. This pre-authentication remote code execution (RCE) flaw affects versions 1.0.0 and later. The vulnerability stems from the server\u0026rsquo;s trust in client-supplied model identifiers without proper authentication. An attacker can exploit this by providing a malicious HuggingFace model, which the server executes before conducting authentication checks. This allows the attacker to gain full control of the server process and access sensitive information, including API keys, environment variables, mounted secrets, and all files on the disk. Approximately 73% of internet-accessible ChromaDB deployments are estimated to be affected, with high-profile organizations like Mintlify, Factory AI, and Weights \u0026amp; Biases potentially at risk. This flaw was reported as early as November 2025, but remains unpatched as of ChromaDB version 1.5.8.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker sends a malicious collection creation request to the ChromaDB server.\u003c/li\u003e\n\u003cli\u003eThe request includes a crafted HuggingFace model identifier.\u003c/li\u003e\n\u003cli\u003eThe ChromaDB server, without proper authentication, reaches out to HuggingFace.\u003c/li\u003e\n\u003cli\u003eThe server downloads the attacker-controlled HuggingFace model.\u003c/li\u003e\n\u003cli\u003eThe server executes the downloaded model.\u003c/li\u003e\n\u003cli\u003eThis execution occurs before the server performs any authentication checks.\u003c/li\u003e\n\u003cli\u003eThe attacker gains full control of the server process due to the RCE vulnerability.\u003c/li\u003e\n\u003cli\u003eThe attacker can then access sensitive data, including API keys, environment variables, secrets, and files.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-45829 grants an unauthenticated attacker complete control over the ChromaDB server process. This allows the attacker to steal sensitive data such as API keys, environment variables, and other secrets stored on the server. The attacker can also access all files on the disk, potentially leading to data breaches and further compromise of the affected systems. With an estimated 73% of internet-accessible ChromaDB deployments vulnerable, this poses a significant risk to organizations using ChromaDB, especially those with default configurations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestrict network access to ChromaDB to trusted clients only to mitigate the vulnerability, as suggested by HiddenLayer.\u003c/li\u003e\n\u003cli\u003eApply the suggested remediation in the code: move the authentication check before configuration loading and stripping any keys named ‘kwargs’ from requests in both the V1 and V2 create_collection handles. This is mentioned in the overview.\u003c/li\u003e\n\u003cli\u003eMonitor network connections to ChromaDB servers for suspicious activity originating from untrusted sources.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules in this brief to your SIEM and tune for your environment.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-19T12:55:45Z","date_published":"2026-05-19T12:55:45Z","id":"https://feed.craftedsignal.io/briefs/2026-05-chromadb-rce/","summary":"An unpatched pre-authentication remote code execution (RCE) vulnerability, tracked as CVE-2026-45829 and referred to as ChromaToast, in ChromaDB versions 1.0.0 and later allows remote, unauthenticated attackers to execute arbitrary code and leak sensitive information, potentially leading to a server takeover.","title":"Unpatched ChromaDB Vulnerability CVE-2026-45829 Allows Remote Code Execution","url":"https://feed.craftedsignal.io/briefs/2026-05-chromadb-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-45829","version":"https://jsonfeed.org/version/1.1"}