CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-45829: Pre-Authentication Remote Code Execution in ChromaDB via ChromaToast

Vulnerability ID: CVE-2026-45829
CVSS Score: 10.0
Published: 2026-05-18

CVE-2026-45829, commonly referred to as ChromaToast, is a critical Pre-Authentication Remote Code Execution (RCE) vulnerability affecting the ChromaDB vector database. The flaw exists in the handling of embedding function configurations during collection creation, allowing unauthenticated attackers to execute arbitrary Python code on the server or client applications.

TL;DR

Unauthenticated Remote Code Execution in ChromaDB <= 1.5.8 via arbitrary code injection in the trust_remote_code configuration of the SentenceTransformerEmbeddingFunction.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-94
  • Attack Vector: Network
  • CVSS v4.0: 10.0
  • EPSS Score: 0.00139
  • Impact: Pre-Authentication Remote Code Execution
  • Exploit Status: Proof of Concept Available
  • CISA KEV: Not Listed

Affected Systems

  • ChromaDB Python Server
  • ChromaDB Python Client SDK
  • ChromaDB: 1.0.0 - 1.5.8 (Fixed in: > 1.5.8)

Exploit Details

  • GitHub: Functional Proof-of-Concept repository demonstrating the collection poisoning and RCE attack.

Mitigation Strategies

  • Upgrade ChromaDB server and SDK components to version > 1.5.8.
  • Disable the trust_remote_code option in global server configuration if remote models are not necessary.
  • Implement strong network-level isolation (VPCs, firewalls) to restrict access to the ChromaDB API endpoints.
  • Enforce explicit authentication measures (Static API Keys, OAuth) to prevent unauthenticated access to the /collections API.

Remediation Steps

  1. Identify all deployed instances of the ChromaDB server and Python Client SDK within your infrastructure.
  2. Update the Python package (pip install --upgrade chromadb) to a patched version greater than 1.5.8.
  3. If upgrading is not immediately possible, modify the server configuration to disallow remote code execution in embedding models.
  4. Audit network access controls and configure a firewall to block public access to the ChromaDB port (default 8000).
  5. Review existing collections via the API to identify any anomalous or unauthorized trust_remote_code configurations.
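A defender-side check for remediation step 5, added here as an example (it is not part of the original report or of ChromaDB's own tooling): it walks each collection's configuration JSON and flags any collection whose embedding function configuration enables trust_remote_code. The record layout in the constructed sample is an assumption; the scan is recursive, so it finds the key wherever it sits in the configuration.

```python
"""Audit ChromaDB collection configurations for trust_remote_code (remediation step 5)."""
from typing import Any, Dict, Iterator, List


def _is_enabled(value: Any) -> bool:
    """Treat booleans and common string spellings ("true", "1", "yes") as enabled."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        return value.strip().lower() in {"true", "1", "yes"}
    return bool(value)


def find_trust_remote_code(node: Any, path: str = "") -> Iterator[str]:
    """Recursively yield the JSON paths at which trust_remote_code is enabled.
    The walk is structural, so it does not depend on the exact configuration layout."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if key == "trust_remote_code" and _is_enabled(value):
                yield child
            yield from find_trust_remote_code(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_trust_remote_code(item, f"{path}[{i}]")


def audit_collections(collections: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Return one finding per collection record whose configuration enables trust_remote_code."""
    findings = []
    for coll in collections:
        hits = list(find_trust_remote_code(coll.get("configuration_json", {})))
        if hits:
            findings.append({"collection": coll.get("name"), "id": coll.get("id"), "paths": hits})
    return findings


# Constructed sample records; the "configuration_json" layout is an assumption, not ChromaDB's documented schema.
SAMPLE_COLLECTIONS = [
    {"id": "c1-constructed", "name": "docs",
     "configuration_json": {"embedding_function": {"name": "sentence_transformer",
                            "config": {"model_name": "all-MiniLM-L6-v2", "trust_remote_code": False}}}},
    {"id": "c2-constructed", "name": "suspect",
     "configuration_json": {"embedding_function": {"name": "sentence_transformer",
                            "config": {"model_name": "unknown-remote-model", "trust_remote_code": True}}}},
]

if __name__ == "__main__":
    for f in audit_collections(SAMPLE_COLLECTIONS):
        print(f"FLAG: collection {f['collection']!r} ({f['id']}) enables trust_remote_code at {f['paths']}")
```

Feed it the collection records returned by your ChromaDB client or the collections API, and treat every flagged collection as a candidate for review before upgrading past 1.5.8.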
