VYPR
High severity · NVD Advisory · Published Jun 12, 2026 · Updated Jun 12, 2026

CVE-2026-45831

Description

ChromaDB's SimpleRBACAuthorizationProvider grants permissions without verifying tenant/database/collection scope, enabling cross-tenant data access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The SimpleRBACAuthorizationProvider in ChromaDB versions 0.5.0 through 1.5.9 evaluates whether a user holds a given action (e.g., read, write) but never checks the tenant, database, or collection scope of that permission [1]. The authorization logic in chromadb/auth/simple_rbac_authz/__init__.py builds a mapping of user_id -> set(actions) and only verifies that the requested action exists in that set [1]. This allows any user with a valid permission to perform that action across all tenants, databases, and collections, bypassing intended resource boundaries [1].

Exploitation

An attacker with valid credentials and a role that grants even a single permission (e.g., read on any resource) can access or modify data belonging to any tenant, database, or collection [1]. No additional privileges, network position beyond normal API access, or user interaction is required. The attacker simply issues authenticated API requests for resources outside their intended scope [1].

Impact

Successful exploitation permits unauthorized read and write access to all ChromaDB data across tenants [1]. An attacker can read sensitive vectors, documents, or metadata from any tenant (confidentiality breach), modify or delete data in any tenant (integrity compromise), and potentially disrupt service availability. The CVSS v4.0 score is 8.9, with high impacts on confidentiality, integrity, and availability for both the vulnerable system and subsequent systems [1].

Mitigation

As of the advisory publication date (2026-06-12), no patch has been released; the latest affected version is 1.5.9 [1]. ChromaDB has acknowledged the vulnerability and indicated a fix will be included in a future release [1]. Until a patched version is available, administrators should restrict network access to the API, monitor for anomalous cross-tenant requests, and avoid relying on the SimpleRBACAuthorizationProvider for multi-tenant isolation. This CVE is not listed on CISA's Known Exploited Vulnerabilities catalog.
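The mitigation above recommends monitoring for anomalous cross-tenant requests while no patch exists. The following is an added example of that check, not code from the advisory or from ChromaDB: it reads constructed JSON access-log lines (the field names `user`, `tenant`, `action`, `status` are an assumption for this example, not the server's real log format) and flags every request whose tenant lies outside the account's intended scope, or that comes from an account with no configured scope at all. Because the flaw lets such requests succeed, a `200` status on an out-of-scope request is exactly the signal to look for.

```python
import json
from collections import Counter
from typing import Dict, List, Set

# Constructed sample log: one JSON record per API request. Field names are an
# assumption for this example; adapt the keys to the log format you actually have.
SAMPLE_LOG = """\
{"ts":"2026-06-12T10:00:01Z","user":"alice","action":"read","tenant":"tenant_a","database":"db1","collection":"docs","status":200}
{"ts":"2026-06-12T10:00:02Z","user":"alice","action":"read","tenant":"tenant_b","database":"db1","collection":"docs","status":200}
{"ts":"2026-06-12T10:00:03Z","user":"bob","action":"write","tenant":"tenant_b","database":"db1","collection":"coll1","status":200}
{"ts":"2026-06-12T10:00:04Z","user":"alice","action":"read","tenant":"tenant_c","database":"db2","collection":"reports","status":200}
{"ts":"2026-06-12T10:00:05Z","user":"carol","action":"read","tenant":"tenant_a","database":"db1","collection":"docs","status":200}
"""

# Which tenants each account is meant to touch (constructed). In a real deployment
# this comes from the same RBAC configuration the server loads.
INTENDED_TENANTS: Dict[str, Set[str]] = {
    "alice": {"tenant_a"},
    "bob": {"tenant_b"},
}


def find_cross_tenant_requests(log_text: str, intended: Dict[str, Set[str]]) -> List[dict]:
    """Return one finding per request whose tenant is outside the user's intended
    scope, or whose user has no intended scope configured at all."""
    findings: List[dict] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed line; in production, count and alert on these too
        user = rec.get("user")
        tenant = rec.get("tenant")
        allowed = intended.get(user)
        if allowed is None:
            reason = "user has no configured tenant scope"
        elif tenant not in allowed:
            reason = "tenant outside assigned scope"
        else:
            continue  # in-scope request, nothing to report
        findings.append({
            "ts": rec.get("ts"),
            "user": user,
            "action": rec.get("action"),
            "tenant": tenant,
            "status": rec.get("status"),
            "reason": reason,
        })
    return findings


def findings_per_user(findings: List[dict]) -> Dict[str, int]:
    """Count findings by account; a steady stream from one account is the
    pattern an abused single-permission role would produce."""
    return dict(Counter(f["user"] for f in findings))


if __name__ == "__main__":
    hits = find_cross_tenant_requests(SAMPLE_LOG, INTENDED_TENANTS)
    for hit in hits:
        print(f"{hit['ts']} {hit['user']} {hit['action']} {hit['tenant']} "
              f"status={hit['status']}: {hit['reason']}")
    print("per user:", findings_per_user(hits))
```

Run it against the embedded sample and it reports alice's two requests to `tenant_b` and `tenant_c` plus carol's request from an account with no scope, all of which returned `200`. The same function can be pointed at a real export once the field names are adjusted.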

AI Insight generated on Jun 12, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

Root cause

"The authorization check only verifies whether a user holds a given action permission but never validates which tenant, database, or collection that permission applies to, allowing cross-tenant access."

Attack vector

An attacker with a low-privileged account configured for read or write access to a specific tenant can issue API requests targeting any other tenant, database, or collection. The authorization logic in `authorize_or_raise()` [ref_id=1] only checks whether the user's action set contains the requested action (e.g., "read") and ignores the `resource` parameter entirely. Because the SimpleRBACAuthorizationProvider is the only built-in RBAC provider and is used in all official documentation examples [ref_id=1], this affects all deployments using the default authorization setup. The vulnerability is reachable over the network with no special network position beyond authenticated API access [CWE-863].

Affected code

The vulnerability is in `chromadb/auth/simple_rbac_authz/__init__.py` [ref_id=1]. The `__init__` method (lines 40-75) builds a flat mapping of `user_id -> set(actions)` that discards all tenant/database/collection context. The `authorize_or_raise()` method then only checks whether the action string exists in the user's permission set and completely ignores the `resource` parameter that carries the tenant, database, and collection identity [ref_id=1].

What the fix does

The advisory [ref_id=1] does not include a published patch. The remediation guidance is that the SimpleRBACAuthorizationProvider must be modified to enforce per-resource authorization — i.e., the `authorize_or_raise()` method must check not only the action but also the tenant, database, and collection context from the `resource` parameter against the user's assigned scope. Until a fix is released, users should implement a custom authorization provider that performs resource-scoped checks, or isolate tenants at the network layer.
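The root cause described above is a permission table that keeps only `user_id -> set(actions)`, so the `resource` argument to `authorize_or_raise()` has nothing to be compared against. The following is an added example, not ChromaDB's code: `FlatActionAuthorizer` reproduces that flawed shape, and `ScopedAuthorizer` is the resource-scoped form the remediation guidance calls for, where each grant retains its tenant, database and collection and a request passes only if some grant for that action covers the requested resource. The `Resource` type, the grant tuple layout, the class names and the constructed sample grants are assumptions for this example; only the method name `authorize_or_raise()` comes from the advisory.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set, Tuple


class AuthorizationError(Exception):
    """Raised when a request is denied."""


@dataclass(frozen=True)
class Resource:
    """Identity of the object a request acts on (hypothetical type for this
    example). On a grant, None for database or collection means 'any database /
    any collection under the parent'."""
    tenant: str
    database: Optional[str] = None
    collection: Optional[str] = None


# One grant = (user_id, action, scope). Constructed sample data; the layout is a
# stand-in for an RBAC users/roles config, not ChromaDB's actual format.
SAMPLE_GRANTS: List[Tuple[str, str, Resource]] = [
    ("alice", "read", Resource("tenant_a")),                 # tenant-wide read
    ("bob", "write", Resource("tenant_b", "db1", "coll1")),  # one collection only
]


class FlatActionAuthorizer:
    """Mirrors the flaw the advisory describes: the constructor keeps only
    user_id -> set(actions), so each grant's scope is lost and the resource
    argument is never consulted."""

    def __init__(self, grants: Iterable[Tuple[str, str, Resource]]) -> None:
        self._actions: Dict[str, Set[str]] = {}
        for user_id, action, _scope in grants:  # scope is discarded here
            self._actions.setdefault(user_id, set()).add(action)

    def authorize_or_raise(self, user_id: str, action: str, resource: Resource) -> None:
        if action not in self._actions.get(user_id, set()):
            raise AuthorizationError(f"{user_id} may not {action}")
        # `resource` is unused: any tenant/database/collection passes for this action


def scope_covers(scope: Resource, resource: Resource) -> bool:
    """True if a grant scoped at `scope` applies to `resource`. The grant must be
    at least as broad as the request: a collection-level grant does not cover a
    database- or tenant-level operation on its parents."""
    if scope.tenant != resource.tenant:
        return False
    if scope.database is not None and scope.database != resource.database:
        return False
    if scope.collection is not None and scope.collection != resource.collection:
        return False
    return True


class ScopedAuthorizer:
    """Hardened form: every grant keeps its scope, and a request is allowed only
    when some grant matches both the action and the requested resource."""

    def __init__(self, grants: Iterable[Tuple[str, str, Resource]]) -> None:
        self._grants: Dict[str, Set[Tuple[str, Resource]]] = {}
        for user_id, action, scope in grants:
            self._grants.setdefault(user_id, set()).add((action, scope))

    def authorize_or_raise(self, user_id: str, action: str, resource: Resource) -> None:
        for granted_action, scope in self._grants.get(user_id, set()):
            if granted_action == action and scope_covers(scope, resource):
                return
        raise AuthorizationError(
            f"{user_id} may not {action} "
            f"{resource.tenant}/{resource.database}/{resource.collection}"
        )


def is_authorized(authorizer, user_id: str, action: str, resource: Resource) -> bool:
    """Boolean wrapper so the two providers can be compared side by side."""
    try:
        authorizer.authorize_or_raise(user_id, action, resource)
        return True
    except AuthorizationError:
        return False


def compare(user_id: str, action: str, resource: Resource) -> Tuple[bool, bool]:
    """(flat_result, scoped_result) for one request evaluated against SAMPLE_GRANTS."""
    return (
        is_authorized(FlatActionAuthorizer(SAMPLE_GRANTS), user_id, action, resource),
        is_authorized(ScopedAuthorizer(SAMPLE_GRANTS), user_id, action, resource),
    )


if __name__ == "__main__":
    cross_tenant = Resource("tenant_b", "db1", "coll1")
    print("alice read tenant_b (flat, scoped):", compare("alice", "read", cross_tenant))
```

With the sample grants, the flat provider lets alice's tenant-wide read on `tenant_a` reach any collection in `tenant_b`, and lets bob's single-collection write reach every collection everywhere; the scoped provider denies both while still allowing each user's in-scope requests. The `scope_covers()` ordering (tenant, then database, then collection) also ensures a collection-level grant cannot satisfy a database- or tenant-level operation, which a check that compared only the innermost identifier would miss.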

Preconditions

  • auth: Attacker must have a valid user identity configured in the SimpleRBACAuthorizationProvider with any permission set.
  • network: Attacker must be able to send authenticated API requests to the ChromaDB server.
  • config: The server must be using SimpleRBACAuthorizationProvider (the default and only built-in RBAC provider).

Generated on Jun 12, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 1

News mentions: 0 (no linked articles in our index yet)