CVE-2026-8828
CVE-2026-8828
A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to.
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
Produtos afetados
Chroma · ChromaDBQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →