ChromaDB CVE-2026-45829 — Unpatched RCE in Vector Database

AI relevance: ChromaDB is the most widely used open-source vector database for RAG pipelines and agent memory — an unpatched CVSS 10.0 RCE on the server directly compromises any AI app that embeds it.

  • CVE-2026-45829 is a max-severity (CVSS 4.0 score: 10.0) flaw in ChromaDB's Python FastAPI server that allows unauthenticated remote code execution.
  • The server loads attacker-controlled embedding-function configuration before running its authentication check. Setting trust_remote_code: true and pointing model_name at an attacker-controlled HuggingFace repo triggers Python execution during the POST request — then the server returns 403 Forbidden after the fact.
  • Reported to the project on February 17, the flaw remains unpatched in the latest release (v1.5.9).
  • Shodan scans by HiddenLayer found roughly 73% of internet-exposed ChromaDB instances running vulnerable versions.
  • Successful exploitation gives attackers full control of the server process, including access to embedding data, collection contents, and any credentials stored alongside the vector database.
  • The attack requires no prior authentication and has low complexity — any network-reachable Python server instance is at risk.
  • HiddenLayer recommends switching to the Rust frontend for deployments, or at minimum restricting network access to the ChromaDB API port until a patch ships.
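Until a patch ships, the two configuration keys the advisory names can be screened for at a reverse proxy or WAF, or retroactively over request logs. The following added example is not HiddenLayer's or the ChromaDB project's code; its log format, endpoint path, JSON layout and model allowlist are constructed assumptions, and it walks the whole decoded body instead of relying on an exact schema so a differently nested wrapper does not hide the flag.

```python
import json
import re

# Constructed sample request-log lines in a hypothetical "METHOD PATH BODY" format.
# The endpoint path and JSON layout are assumptions, not ChromaDB's documented schema.
SAMPLE_LOG = [
    'POST /api/v2/collections {"name": "docs", "configuration": {"embedding_function": '
    '{"config": {"model_name": "sentence-transformers/all-MiniLM-L6-v2"}}}}',
    'POST /api/v2/collections {"name": "notes", "configuration": {"embedding_function": '
    '{"config": {"model_name": "example-org/untrusted-repo", "trust_remote_code": true}}}}',
    'GET /api/v2/heartbeat',
]

# Hypothetical allowlist: models the deployment has vetted (ideally pinned and served locally).
ALLOWED_MODELS = {"sentence-transformers/all-MiniLM-L6-v2"}

LINE_RE = re.compile(r"^(?P<method>[A-Z]+) (?P<path>\S+)(?: (?P<body>\{.*\}))?$")


def walk(obj, path="$", key=None):
    """Yield (key, json_path, value) for every scalar in a decoded JSON document,
    so the check does not depend on where exactly the config is nested."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from walk(v, f"{path}.{k}", k)
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from walk(v, f"{path}[{i}]", key)
    else:
        yield key, path, obj


def audit_line(line):
    """Return the reasons a logged request should be blocked or alerted on ([] = clean)."""
    m = LINE_RE.match(line)
    if not m or m.group("method") != "POST" or not m.group("body"):
        return []
    try:
        body = json.loads(m.group("body"))
    except json.JSONDecodeError:
        return ["unparseable JSON body"]
    reasons = []
    for key, jpath, value in walk(body):
        if key == "trust_remote_code" and value is True:
            reasons.append(f"trust_remote_code=true at {jpath}")
        elif key == "model_name" and value not in ALLOWED_MODELS:
            reasons.append(f"model_name not on allowlist: {value!r} at {jpath}")
    return reasons


def audit_log(lines):
    """Map line index -> reasons for every line that raised at least one."""
    return {i: r for i, line in enumerate(lines) if (r := audit_line(line))}
```

Applied in-line at a proxy, a non-empty result from audit_line is a reason to reject the request before it reaches the Python server; over historical logs it gives a starting list of collections to re-examine.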

Why it matters

Vector databases are the backbone of virtually every RAG-based AI application. ChromaDB's popularity in Python-first stacks means thousands of developer-facing and production deployments are potentially exposed. An unpatched CVSS 10.0 RCE in a component that stores embeddings, document chunks, and API keys is an immediate risk to any AI pipeline using it.

What to do

  • Audit any deployment using the ChromaDB Python FastAPI server (not the Rust frontend) and check whether it is internet-reachable.
  • Restrict network access to the ChromaDB API port behind a firewall or reverse proxy immediately.
  • Consider switching to the Rust-based server frontend, which is not affected by this vulnerability.
  • Monitor the ChromaDB GitHub repo and advisories for a patch; update as soon as one is released.

Sources