A vulnerability in ChromaDB, an open source vector database used for AI applications, presents a significant security risk as it remains unpatched. This flaw, identified as CVE-2026-45829 or ChromaToast, allows remote code execution by unauthenticated attackers, potentially leading to full server takeover. ChromaDB is widely used, with around 13 million monthly downloads, and serves high-profile users like Mintlify and Weights & Biases. HiddenLayer, the cybersecurity firm that discovered the vulnerability, explains that it stems from the server's acceptance of client-supplied model identifiers without authentication. An attacker can exploit this by submitting a malicious HuggingFace model, gaining shell access before the server performs an authentication check.
This vulnerability affects all versions of ChromaDB since version 1.0.0, with about 73% of internet-accessible deployments at risk. Attempts to report the issue to Chroma have gone unanswered since February, despite previous notice from independent researcher Azraelxuemo in November 2025. While a permanent fix would involve adjusting the authentication process and handling of certain request keys, no patch is available as of ChromaDB version 1.5.8. To mitigate risk, organizations should restrict ChromaDB access to trusted clients. An update from Chroma has been requested but is pending.


