Ghostwire

CVE-2026-45830: A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated...

HIGH CVSS 7.5

Published: June 12, 2026 | Last Modified: June 12, 2026

Description

A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to.

Ghostwire Analysis — What This Means Practically

High CVSS score indicates significant risk — exploitation could lead to substantial data exposure or system compromise.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References

www.tenable.com/cve/CVE-2026-45830
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-45830