High
nvd
CVE-2026-45831
Published Jun 12, 2026
CVSS 8.8
The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, database, or collection that permission applies to, allowing users to perform cross-tenant actions.
Affected AI Products
chromadb
chroma