CVE-2026-45832 - CERT CVE
ID CVE-2026-45832
Sažetak All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints.
Reference
CVSS
Base: 8.8
Impact: 5.9
Exploitability:2.8
Pristup
VektorSloženostAutentikacija
NETWORK LOW LOW
Impact
PovjerljivostCjelovitostDostupnost
HIGH HIGH HIGH
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Zadnje važnije ažuriranje 16-06-2026 - 15:07
Objavljeno 12-06-2026 - 16:16