VulnWatch VulnWatch
← Back to dashboard
High nvd · CVE-2026-45832

CVE-2026-45832: All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorizatio

Published Jun 12, 2026 CVSS 8.8

All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints.

Affected AI Products

chromadb chroma
View original source
Get the weekly digest. Every Monday: top AI security stories of the week. Free.