What is CVE-2026-45829?

CVE-2026-45829 is a vulnerability in Chroma Chromadb, classified under Code Injection. Published 2026-05-18.

Is CVE-2026-45829 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Chroma Chromadb

CVE-2026-45829

A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_cod…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.002 (37.6th percentile) — read the EPSS interpretation.

Affected products

Chroma Chromadb — versions 1.0.0

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

0xBlackash/CVE-2026-45829
fevar54/FULL-ANALYSIS---CVE-2026-45829-ChromaDB-

References

6f8de1f0-f67e-45a6-b68f-98777fdb759c
6f8de1f0-f67e-45a6-b68f-98777fdb759c

Frequently asked questions

What is CVE-2026-45829?: CVE-2026-45829 is a vulnerability in Chroma Chromadb, classified under Code Injection. Published 2026-05-18.
Is CVE-2026-45829 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.