ChromaDB 0.4.17+ Code Injection via trust_remote_code True
CVE-2026-45833 Published on June 12, 2026
A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in the /api/v2/tenants/default_tenant/databases/default_database/collections/{collection_id} if they have the UPDATE_COLLECTION permission.
Vulnerability Analysis
CVE-2026-45833 can be exploited with network access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. Public availability of a proof of concept (POC) exploit exists for CVE-2026-45833. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a Code Injection Vulnerability?
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CVE-2026-45833 has been classified to as a Code Injection vulnerability or weakness.
Products Associated with CVE-2026-45833
stack.watch emails you whenever new vulnerabilities are published in Red Hat Enterprise Linux Ai or Red Hat Openshift Ai. Just hit a watch button to start following.
Affected Versions
ChromaDB:- Version 0.4.17, <= * is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.