A critical vulnerability in **ChromaDB**, an open-source vector database widely used in AI applications, poses a significant risk to exposed servers. Tracked as **CVE-2026-45829**, the flaw allows unauthenticated attackers to achieve remote code execution. ### Vulnerability Details The vulnerability, reported to **ChromaDB** on February 17th and assigned a maximum severity score by **HiddenLayer**, stems from an improperly implemented authentication mechanism. **ChromaDB** is used as an AI retrieval backend in agentic AI and related applications. It enables retrieving semantically relevant documents during large-language model (LLM) inference. The vulnerable codebase resides within the Python API server logic. This puts the **PyPI** package, boasting nearly 14 million monthly downloads, at risk when servers are accessible over HTTP. Users deploying **ChromaDB** locally without exposing the API server, or those utilizing the **Rust** front-end, are not affected. According to **HiddenLayer**, the vulnerability lies in an API endpoint that allows attackers to embed model settings before authentication is checked. An attacker can send a crafted request to force **ChromaDB** to load a malicious model from the **Hugging Face** platform and execute it locally, bypassing the authentication check. "The authentication is not missing, [it’s] just in the wrong place,” **HiddenLayer** explains. “By the time it fires, the model has already been fetched and executed. The server rejects the request, returns a 500, and the attacker's payload has already run.” ### Exposure and Mitigation Researchers indicate that **CVE-2026-45829** was introduced in **ChromaDB** 1.0.0 and remained unpatched through version 1.5.8. Version 1.5.9 was released two weeks ago; however, it is unclear whether the security issue has been resolved. **HiddenLayer** reports multiple unsuccessful attempts to contact the developers since February 17th. As of publication, **ChromaDB** has not responded to requests for comment on the status of **CVE-2026-45829**. This article will be updated as more information becomes available. Shodan queries suggest that approximately 73% of internet-exposed instances are running a vulnerable version of **ChromaDB**. Until confirmation of a patch, affected users are advised to utilize the **Rust** frontend for deployments or avoid exposing the Python server publicly. Restricting network access to the **ChromaDB** API port is another recommended mitigation. Furthermore, researchers recommend scanning ML model artifacts before runtime, as loading public models with ‘trust_remote_code’ effectively executes untrusted code.