CVE-2026-45829 is a pre-authentication remote code execution vulnerability in ChromaDB, an open source vector database used in AI applications. The vulnerability stems from the server trusting and executing client-supplied model identifiers before authenticating the request. An attacker can send a collection creation request referencing a malicious HuggingFace model without credentials; the server downloads and executes this model before rejecting the request, thereby granting shell access and full control of the server process. This allows attackers to access sensitive data the server can reach, including API keys and secrets. The issue affects all versions since 1.0.0, with approximately 73% of internet-accessible deployments vulnerable. Despite multiple disclosure attempts, ChromaDB has not issued a patch or official fix as of version 1.5.8. Network-level restrictions to trusted clients are advised as a temporary mitigation.

Successful exploitation results in remote, unauthenticated attackers gaining arbitrary code execution and full control over the ChromaDB server process. This includes the ability to leak sensitive information such as API keys, environment variables, mounted secrets, and all files accessible to the server. The vulnerability compromises confidentiality and integrity of data handled by the server and enables complete server takeover.

As of ChromaDB version 1.5.8, no official patch or fix is available. The vendor has not responded to multiple disclosure attempts. Organizations should restrict network access to ChromaDB instances to trusted clients only to mitigate exposure. Full remediation requires code changes to perform authentication checks before loading and executing client-supplied models and to sanitize request parameters, but this has not yet been implemented. Monitor vendor channels for updates and apply patches promptly once available.