274/69 Thursday, May 21, 2026

Cybersecurity researchers from HiddenLayer have disclosed a critical vulnerability tracked as CVE-2026-45829 affecting ChromaDB, a popular open-source vector database widely used in artificial intelligence (AI) and large language model (LLM) applications. The vulnerability could allow unauthenticated attackers to execute arbitrary code on internet-exposed servers running vulnerable instances of ChromaDB. Due to the platform’s widespread adoption, the issue may have broad implications for enterprise AI infrastructure, especially as the PyPI package reportedly receives nearly 14 million downloads per month.
According to the technical analysis, the vulnerability affects ChromaDB deployments using the Python API server implementation and is caused by an authentication order flaw. Attackers can send specially crafted requests that trick the system into downloading malicious models from external platforms such as Hugging Face and executing them on the target server before authentication checks are completed. Although the request is eventually rejected and an error is returned, the malicious code has already been executed by that point. Reports indicate that versions 1.0.0 through 1.5.8 are affected. Data from Shodan also suggests that more than 73% of publicly exposed ChromaDB servers are still running vulnerable versions. The issue does not affect deployments operating exclusively on internal networks without internet exposure or systems configured to use the Rust front-end implementation.
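The ordering flaw described above can be shown with a small model. This is an added example, not code from ChromaDB or from HiddenLayer's analysis. `ModelLoader`, `handle_vulnerable`, `handle_fixed`, the token and the model reference are all hypothetical names and constructed values, and the loader only records what it was asked to load.

```python
import hmac
from dataclasses import dataclass, field

VALID_TOKEN = "constructed-test-token"  # constructed sample credential

@dataclass
class ModelLoader:
    """Hypothetical stand-in for a component that loads a client-named model."""
    loaded: list = field(default_factory=list)

    def load(self, model_ref: str) -> None:
        # A real server would fetch and run remote content here; we only record it.
        self.loaded.append(model_ref)

def authenticate(headers: dict) -> bool:
    supplied = headers.get("Authorization", "")
    return hmac.compare_digest(supplied, f"Bearer {VALID_TOKEN}")

def handle_vulnerable(request: dict, loader: ModelLoader) -> int:
    # Flawed order: the client-supplied model reference is acted on first.
    loader.load(request["body"]["model_ref"])
    if not authenticate(request["headers"]):
        return 401  # rejected, but the load above has already happened
    return 200

def handle_fixed(request: dict, loader: ModelLoader) -> int:
    # Corrected order: nothing from the body is used until the caller is verified.
    if not authenticate(request["headers"]):
        return 401
    loader.load(request["body"]["model_ref"])
    return 200

def run_demo() -> dict:
    # Constructed unauthenticated request carrying an untrusted model reference.
    unauth = {"headers": {}, "body": {"model_ref": "placeholder/untrusted-model"}}
    results = {}
    for name, handler in (("vulnerable", handle_vulnerable), ("fixed", handle_fixed)):
        loader = ModelLoader()
        status = handler(unauth, loader)
        results[name] = (status, list(loader.loaded))
    return results

if __name__ == "__main__":
    for name, (status, loaded) in run_demo().items():
        print(f"{name}: status={status} side_effects={loaded}")
```

Both handlers answer 401, so the response code alone does not show whether the load took place. This is why the advisory points defenders at outbound connections and model download activity.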
The developers have released version 1.5.9; however, there has not yet been official confirmation that the vulnerability has been fully resolved. As a precaution, system administrators and software developers using ChromaDB are strongly advised to avoid exposing Python API servers directly to the public internet and to restrict network access through firewall rules to only necessary ports. Organizations may also consider migrating workloads to the Rust front-end implementation where applicable. In addition, defenders should closely monitor for suspicious outbound connections and unusual model download activity until a fully verified security fix becomes available.
