This vulnerability (CWE-94) affects ChromaDB Python project version 0.4.17. An attacker who is authenticated and has the UPDATE_COLLECTION permission can exploit the flaw by submitting a malicious model repository payload to the /api/v2/tenants/default_tenant/databases/default_database/collections/{collection_id} endpoint with trust_remote_code enabled. This leads to arbitrary code execution on the server, posing a critical security risk.

Successful exploitation results in arbitrary code execution on the server hosting ChromaDB, potentially compromising the entire system. The attacker must be authenticated and have specific permissions, but no user interaction is required beyond that. The CVSS 4.0 score is 9.4 (critical), reflecting the high impact and ease of exploitation under these conditions.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict UPDATE_COLLECTION permissions to trusted users only and avoid enabling the trust_remote_code parameter. Monitor vendor channels for updates and apply patches promptly once available.