CVE Catalog

CVE-2026-8828

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Summary

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to.

Risk Assessment

The organization is exposed to unauthorized access to data, which may lead to loss of confidentiality and integrity of information. Malicious users could potentially affect all collections in the system.

Recommendation

It is recommended to implement appropriate authorization validation mechanisms to restrict data access to authorized users only. Consider updating to the latest version if available.

Original NVD description (English source)

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS