CVE-2026-8828

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Jun 12, 2026

Vendor unknown

Description

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to.

References

https://www.hiddenlayer.com/sai-security-advisory/2026-06-chromadb-2