CVE-2026-8828
Description
Insufficient authorization in ChromaDB Rust backends (1.0.0+) lets any authenticated user access any tenant's data via collection UUID.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A lack of authorization validation in the ChromaDB Rust project (all backends, SQLite and Spanner) allows any authenticated user to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to. The bug affects versions 1.0.0 through the latest release. The root cause is an IDOR (Insecure Direct Object Reference) where the collection lookup skips the tenant and database filter when a UUID is provided. In the Rust SQLite backend (rust/sysdb/src/sysdb.rs:547), the database parameter is dropped entirely, and the underlying sqlite.rs:635-681 calls get_collections_with_conn() with None for tenant, database, and name. The query builder at sqlite.rs:709-761 adds no WHERE condition for tenant, resolving the collection purely by UUID. The Rust Spanner backend (rust/rust-sysdb/src/spanner.rs:1091-1134) lacks any tenant or database filter in its SQL query, using only WHERE c.collection_id = @collection_id AND c.is_deleted = FALSE. This systemic vulnerability exists across all sysdb implementations, not just the Python SQLite path [1].
Exploitation
An attacker needs a valid authenticated session and knowledge of a victim's collection UUID. No special privileges beyond standard user authentication are required. The attacker can simply call the affected API endpoints (all three backend paths in the Rust Axum-based frontend) supplying the target collection UUID. The server does not check that the authenticated principal belongs to the tenant that owns that collection. In production distributed deployments configured via the Kubernetes Helm chart (k8s/distributed-chroma/), the same IDOR is present [1].
Impact
A successful attacker gains the ability to read, write, update, or delete data in any collection across any tenant. This results in complete compromise of confidentiality, integrity, and availability of stored vector data within ChromaDB. The CIA impact is high, and the attack scale is scoped to all collections in all tenants of the affected deployment [1].
Mitigation
According to the advisory, the vulnerability was disclosed to ChromaDB on February 17, 2026 [1]. As of the publication date (June 12, 2026), no fixed version or specific workaround has been disclosed in the available references, so users should monitor official ChromaDB channels for a patched release [1]. Until a fix ships, an affected deployment should be treated as having no tenant isolation at the collection level: any principal who can authenticate can reach every collection, and collection UUIDs are identifiers rather than secrets, so they must not be relied on as an access control. Limiting who can authenticate to the service at all is the only control the available references support. No KEV listing is indicated at this time [1].
AI Insight generated on Jun 12, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: >=1.0.0
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Collection lookup by UUID skips tenant and database authorization checks in all Rust sysdb backends."
Attack vector
An authenticated attacker who possesses a valid collection UUID can read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to [ref_id=1]. The Rust Axum-based frontend, used in production distributed deployments configured via the Kubernetes Helm chart, contains the identical IDOR across all three backend paths [ref_id=1]. ChromaDB's collection lookup skips the tenant and database filter when a UUID is provided, so the attacker simply supplies a victim's collection UUID to access cross-tenant data [ref_id=1]. The vulnerability is systemic — it exists in every sysdb implementation, not just the Python SQLite path [ref_id=1].
Affected code
The vulnerability exists in the Rust-based ChromaDB sysdb backends. In the SQLite backend (`rust/sysdb/src/sysdb.rs:547`), the `SysDb::Sqlite` variant drops the database parameter entirely, and the underlying `sqlite.rs:635-681` calls `get_collections_with_conn()` with `None` for tenant, database, and name, causing the query builder at `sqlite.rs:709-761` to add no WHERE conditions for tenant or database when a UUID is provided [ref_id=1]. The Spanner backend (`rust/rust-sysdb/src/spanner.rs:1091-1134`) has no tenant or database filter in its SQL query — the WHERE clause only checks `c.collection_id = @collection_id AND c.is_deleted = FALSE` [ref_id=1].
What the fix does
The advisory does not include a published patch, but the required change follows directly from the root cause: the collection lookup functions must apply the caller's tenant and database as filters even when resolving a collection by UUID [ref_id=1]. In the SQLite backend, the `None` values passed for tenant and database must be replaced with the authenticated caller's tenant and database context so that the query builder emits the corresponding WHERE conditions [ref_id=1]. In the Spanner backend, the SQL query must gain a tenant predicate and a database predicate alongside the existing `c.collection_id = @collection_id AND c.is_deleted = FALSE` check (for example `AND c.tenant = @tenant`; the exact column and parameter names depend on the schema and are not given in the advisory) [ref_id=1]. A lookup that returns no row for a UUID owned by another tenant, rather than the row itself, is the observable sign that the filter is in place.
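The difference between the two lookup shapes described above, as an added illustration that is not Chroma's code: an in-memory stand-in for a sysdb with a vulnerable lookup that resolves a collection by UUID alone (tenant, database and name passed as `None`) beside a hardened lookup that always adds the caller's tenant and database to the predicate. Every type, field and function name here, and the sample rows and placeholder UUIDs, are assumptions made for this example; `where_sql()` only renders the predicate text so the missing conditions are visible as SQL.

```rust
// Added example, not Chroma's code: all names and data here are constructed.
use std::collections::HashMap;

#[derive(Clone, Debug, PartialEq)]
pub struct Collection {
    pub id: String, // collection UUID as stored by the sysdb
    pub tenant: String,
    pub database: String,
    pub name: String,
    pub is_deleted: bool,
}

/// Tenant and database the authenticated principal is authorised for (assumed shape).
pub struct Caller<'a> {
    pub tenant: &'a str,
    pub database: &'a str,
}

/// Optional predicates a lookup may apply. `None` means "no predicate", which is
/// what the advisory says the vulnerable path passes for tenant, database and name.
#[derive(Default)]
pub struct CollectionFilter<'a> {
    pub id: Option<&'a str>,
    pub tenant: Option<&'a str>,
    pub database: Option<&'a str>,
    pub name: Option<&'a str>,
}

impl<'a> CollectionFilter<'a> {
    /// Renders the WHERE clause this filter would contribute to a parameterised query.
    pub fn where_sql(&self) -> String {
        let mut clauses = vec!["is_deleted = FALSE".to_string()];
        if self.id.is_some() { clauses.push("collection_id = @collection_id".into()); }
        if self.tenant.is_some() { clauses.push("tenant = @tenant".into()); }
        if self.database.is_some() { clauses.push("database = @database".into()); }
        if self.name.is_some() { clauses.push("name = @name".into()); }
        format!("WHERE {}", clauses.join(" AND "))
    }

    /// Evaluates the same predicates against an in-memory row.
    fn matches(&self, c: &Collection) -> bool {
        !c.is_deleted
            && self.id.map_or(true, |v| v == c.id.as_str())
            && self.tenant.map_or(true, |v| v == c.tenant.as_str())
            && self.database.map_or(true, |v| v == c.database.as_str())
            && self.name.map_or(true, |v| v == c.name.as_str())
    }
}

pub struct InMemorySysDb {
    rows: HashMap<String, Collection>,
}

impl InMemorySysDb {
    pub fn new(rows: Vec<Collection>) -> Self {
        Self { rows: rows.into_iter().map(|c| (c.id.clone(), c)).collect() }
    }

    fn get_collections(&self, f: &CollectionFilter<'_>) -> Vec<Collection> {
        let mut out: Vec<Collection> = self.rows.values().filter(|c| f.matches(c)).cloned().collect();
        out.sort_by(|a, b| a.id.cmp(&b.id)); // deterministic order for the demo
        out
    }

    /// Vulnerable shape: caller context is ignored and the row is resolved by UUID
    /// alone, so any authenticated caller reaches any tenant's collection.
    pub fn get_by_id_vulnerable(&self, _caller: &Caller<'_>, id: &str) -> Option<Collection> {
        let f = CollectionFilter { id: Some(id), ..Default::default() };
        self.get_collections(&f).into_iter().next()
    }

    /// Hardened shape: the caller's tenant and database are always part of the
    /// predicate, so a UUID owned by another tenant yields no row.
    pub fn get_by_id_hardened(&self, caller: &Caller<'_>, id: &str) -> Option<Collection> {
        let f = CollectionFilter {
            id: Some(id),
            tenant: Some(caller.tenant),
            database: Some(caller.database),
            name: None,
        };
        self.get_collections(&f).into_iter().next()
    }
}

/// Constructed sample data: two tenants, one collection each. Placeholder UUIDs.
pub const VICTIM_COLLECTION_ID: &str = "11111111-1111-4111-8111-111111111111";

pub fn sample_db() -> InMemorySysDb {
    let row = |id: &str, tenant: &str, name: &str| Collection {
        id: id.into(), tenant: tenant.into(), database: "default_database".into(),
        name: name.into(), is_deleted: false,
    };
    InMemorySysDb::new(vec![
        row(VICTIM_COLLECTION_ID, "tenant-a", "victim-docs"),
        row("22222222-2222-4222-8222-222222222222", "tenant-b", "attacker-docs"),
    ])
}

fn main() {
    let db = sample_db();
    let attacker = Caller { tenant: "tenant-b", database: "default_database" };
    println!("vulnerable: {:?}", db.get_by_id_vulnerable(&attacker, VICTIM_COLLECTION_ID).map(|c| c.name));
    println!("hardened:   {:?}", db.get_by_id_hardened(&attacker, VICTIM_COLLECTION_ID).map(|c| c.name));
}
```

Running `main` shows the vulnerable lookup returning `victim-docs` to a caller from `tenant-b` while the hardened lookup returns `None`; the same hardened lookup still returns the row to `tenant-a`, and also refuses it when the caller's database does not match, which is the second filter the advisory says is dropped.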
Preconditions
- auth: Attacker must be an authenticated user of the ChromaDB system
- input: Attacker must know or guess a valid collection UUID belonging to another tenant
- config: The deployment must be using the Rust-based distributed ChromaDB (version 1.0.0 or later)
Generated on Jun 12, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
News mentions
No linked articles in our index yet.