GHSA-xph7-9rjv-w5frHighCVSS 8.8

The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the...

Published
June 12, 2026
Last Modified
June 16, 2026

🔗 CVE IDs covered (1)

📋 Description

The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, database, or collection that permission applies to allowing users to perform cross tenant actions.

🔗 References (3)