CVE-2026-45832

Vulnerability

ChromaDB versions 0.5.0 through the latest Python release (as of the advisory) contain a critical authorization bypass in all V1 collection-level endpoints. These endpoints, defined in chromadb/server/fastapi/__init__.py, systematically pass None for the tenant and database parameters to the authorization layer, rendering tenant-scoped access control completely ineffective. The affected code is marked with the comment # NOTE(rescrv, iron will auth): v1 and is present in every V1 endpoint (e.g., add_v1, get_v1). V1 endpoints cannot be disabled in the affected versions [1].

Exploitation

An attacker needs only network access to the ChromaDB API and any valid authentication (low privilege). By using V1 endpoints with a target collection UUID, the attacker can perform any operation (add, get, delete, etc.) without the auth layer enforcing tenant or database scoping. The advisory demonstrates the exact code pattern where sync_auth_and_get_tenant_and_database_for_request is called with None for tenant and database, allowing the attacker-supplied UUID to be passed directly to internal methods [1].

Impact

Successful exploitation gives the attacker unrestricted read/write access to any collection by UUID, completely bypassing tenant isolation. When combined with CVE-2026-45830, any authenticated user can read and write data in any collection, leading to high confidentiality and integrity impact (CVSS 8.8) [1].

Mitigation

No patched version has been released as of the advisory date (2026-06-12). Since V1 cannot be disabled, recommended workarounds include restricting network access to the ChromaDB API at the network perimeter, implementing additional external authorization proxies, or migrating to a different API version if supported. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog at the time of publication [1].