In a nutshell: A critical security vulnerability (CVE-2026-45829) in ChromaDB allows attackers to execute malicious AI models and take over servers. Approximately 73 percent of exposed instances are at risk. Users should switch to the Rust frontend or isolate their servers.
A maximum-severity vulnerability (CVE-2026-45829) in ChromaDB, a widely used vector database for AI applications, enables unauthenticated attackers to execute arbitrary code on exposed servers. Security firm HiddenLayer discovered the flaw in early February.
ChromaDB is an open-source vector database and AI retrieval backend for agent-based AI and related applications, with nearly 14 million monthly downloads. The vulnerability affects the Python FastAPI version and occurs when the API server is accessible over HTTP.
The core problem lies in faulty authentication logic: An API endpoint marked as authenticated allows attackers to insert malicious model settings before the authentication check. Through a crafted request, attackers can force ChromaDB to load and execute a manipulated model from the Hugging Face platform locally. Authentication only happens afterward — too late to prevent the breach.
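The ordering flaw described above, reduced to a minimal Python model. This is an added example, not ChromaDB's or HiddenLayer's code; the handlers, loader, token and model names are all hypothetical, and the allowlist in the fixed handler is an extra hardening step the article does not mention.

```python
# Illustrative model only: none of these names come from ChromaDB.
import hmac

API_TOKEN = "constructed-example-token"             # constructed sample secret
ALLOWED_MODELS = {"example-org/approved-embedder"}  # hypothetical allowlist


class AuthError(Exception):
    pass


class ModelLoader:
    """Stand-in for code that fetches and runs a remote model."""
    def __init__(self):
        self.loaded = []

    def load(self, name):
        # In a real server, untrusted model code would execute here.
        self.loaded.append(name)


def check_auth(headers):
    token = headers.get("Authorization", "").encode()
    if not hmac.compare_digest(token, f"Bearer {API_TOKEN}".encode()):
        raise AuthError("unauthenticated")


def create_collection_flawed(headers, body, loader):
    loader.load(body["embedding_model"])  # acts on request-supplied settings first
    check_auth(headers)                   # rejection comes after the side effect
    return "created"


def create_collection_fixed(headers, body, loader):
    check_auth(headers)                   # 1. authenticate before touching the body
    name = body["embedding_model"]
    if name not in ALLOWED_MODELS:        # 2. never load caller-chosen models
        raise ValueError(f"model not allowlisted: {name}")
    loader.load(name)
    return "created"


def run_unauthenticated(handler, model="example-org/unreviewed-model"):
    """Send a constructed request without credentials; return what was loaded."""
    loader = ModelLoader()
    try:
        handler({}, {"embedding_model": model}, loader)
    except AuthError:
        pass
    return loader.loaded
```

Both handlers answer the unauthenticated request with the same error, so the response alone does not reveal the flaw; only the loader's record shows that the flawed handler had already acted on the request.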
The vulnerability was introduced in version 1.0.0 and remained unpatched through version 1.5.8. Although the developer released version 1.5.9 two weeks ago, it remains unclear whether the vulnerability was actually fixed. Since February 17, HiddenLayer researchers have tried unsuccessfully to contact the developer via email and social media.
Security assessments show that approximately 73 percent of ChromaDB instances exposed on the internet run vulnerable versions. Until the situation is clarified, affected users should use the Rust frontend, avoid exposing the Python server publicly, or restrict network access to the ChromaDB API port.