Vulnerabilidades em Chroma
6 resultadosCVE-2026-45829CRITICALA pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attackEPSS 10.3%CVE-2026-45833CRITICALA code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary cEPSS 0.3%CVE-2026-45830HIGHA lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily rEPSS 0.3%CVE-2026-8828HIGHA lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily readEPSS 0.3%CVE-2026-45832HIGHAll V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing atEPSS 0.3%CVE-2026-45831HIGHThe SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a useEPSS 0.2%