{"id":"CVE-2026-45833","details":"A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in the /api/v2/tenants/default_tenant/databases/default_database/collections/{collection_id} if they have the UPDATE_COLLECTION permission.","modified":"2026-07-10T12:00:11.564243036Z","published":"2026-06-12T15:16:33.238Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45833.json","cna_assigner":"HiddenLayer","unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"introduced":"0.4.17"},{"last_affected":"*"}]}],"cwe_ids":["CWE-94"]},"references":[{"type":"WEB","url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45833.json"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2026-45833"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45833.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45833"},{"type":"ADVISORY","url":"https://www.hiddenlayer.com/sai-security-advisory/2026-06-chromadb-5"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2488430"},{"type":"PACKAGE","url":"https://github.com/chroma-core/chroma"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/chroma-core/chroma","events":[{"introduced":"7aa2e3cf1cbf1f1c2f9ff01969b1d1bfe62ce001"},{"last_affected":"11f3c7435e71024aa0a2b53710a28d3289d922d1"}],"database_specific":{"source":"CPE_RANGE","cpe":"cpe:2.3:a:trychroma:chromadb:*:*:*:*:*:python:*:*","extracted_events":[{"introduced":"0.4.17"},{"last_affected":"1.5.9"}]}}],"versions":["cli-1.4.4","1.5.9","1.5.8","cli-1.4.3","1.5.7","cli-1.4.2","1.5.6","1.5.5","1.5.4","1.5.3","1.5.2","cli-1.4.1","cli-1.4.0","1.5.0","cli-1.3.1","1.4.1","cli-1.3.0","1.4.0","cli-1.2.4","1.3.7","cli-1.2.3","1.3.6","cli-1.2.2","1.3.5","1.3.3","1.3.2","cli-1.2.1","1.3.1","cli-1.2.0","1.3.0","1.2.2","1.2.1","1.2.0","cli-1.1.11","1.1.1","cli-1.1.10","1.1.0","cli-1.1.9","1.0.21","1.0.20","cli-1.1.8","1.0.19","cli-1.1.7","1.0.18","cli-1.1.6","1.0.17","cli-1.1.5","1.0.16","cli-1.1.4","1.0.15","cli-1.1.3","1.0.13","1.0.12","1.0.11","1.0.10","cli-1.1.2","js_release_2.4.6","js_release_2.4.5","js_release_2.4.4","1.0.9","js_release_2.4.3","js_release_2.4.2","js_client_2.4.2","js_release_2.4.1","1.0.8","js_release_2.4.0","cli-1.1.0","js_release_2.3.0","1.0.7","1.0.6","1.0.5","js_release_2.2.1","1.0.4","1.0.3","1.0.2","1.0.0","js_release_2.2.0","js_release_2.1.0","js_release_2.0.1","js_release_1.10.4","js_release_1.10.3","0.6.3","js_release_1.10.2","0.6.1","0.6.2","js_release_1.10.0","0.6.0","0.5.23","js_release_1.9.4","0.5.21","0.5.19","0.5.20","0.5.18","0.5.17","0.5.16","0.5.15","0.5.14","0.5.13","0.5.12","0.5.11","0.5.10","0.5.9","js_release_1.9.2","0.5.7","js_release_1.9.1","0.5.6","0.5.5","0.5.4","0.5.3","0.5.2","0.5.1","0.5.0","0.4.24","0.4.23","js_release_1.8.1","0.4.21","js_release_1.7.3","js_release_1.7.2","js_release_1.7.1","0.4.20","0.4.19","0.4.17"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45833.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"}]}