VulnWatch VulnWatch
← Back to dashboard
High nvd · CVE-2026-8828

CVE-2026-8828: A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users

Published Jun 12, 2026 CVSS 8.8

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to.

Affected AI Products

chromadb chroma
View original source
Get the weekly digest. Every Monday: top AI security stories of the week. Free.