GHSA-2wm9-hf6c-p5crHighCVSS 8.8

A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project...

Published
June 12, 2026
Last Modified
June 16, 2026

🔗 CVE IDs covered (1)

📋 Description

A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to.

🔗 References (3)