GHSA-x97m-f58v-9cwgHighCVSS 8.8

All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and...

Published
June 12, 2026
Last Modified
June 16, 2026

🔗 CVE IDs covered (1)

📋 Description

All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints.

🔗 References (3)