CVE-2026-8828
HighCVSS 8.8Summary
A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to.
Risk Assessment
The organization is exposed to unauthorized access to data, which may lead to loss of confidentiality and integrity of information. Malicious users could potentially affect all collections in the system.
Recommendation
It is recommended to implement appropriate authorization validation mechanisms to restrict data access to authorized users only. Consider updating to the latest version if available.
Original NVD description (English source)
A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to.

