GHSA-843m-rfxf-6v2gHigh

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows...

Published
June 12, 2026
Last Modified
June 12, 2026

🔗 CVE IDs covered (1)

📋 Description

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to.

🔗 References (3)