"Despite no credentials being provided, the server accepts the request, reaches out to HuggingFace, downloads our model, and executes it. It is only then that the server runs its authentication check and rejects the request. Successful exploitation of the bug provides the attacker with full control of the server process and with access to everything it can reach. This includes sensitive information stored or accessible to the service."
"The vulnerability affects all ChromaDB iterations since version 1.0.0, and roughly 73% of the internet-accessible deployments are affected, HiddenLayer says. The pre-authentication remote code execution flaw could be exploited to leak sensitive information the server has access to, including API keys, environment variables, mounted secrets, and all files on the disk. This broad impact increases the risk for organizations running exposed instances."
ChromaDB is an open source vector database used by AI applications and downloaded by millions of users monthly. A vulnerability tracked as CVE-2026-45829, called ChromaToast, enables pre-authentication remote code execution. The flaw can be triggered by sending a collection creation request without credentials while referencing a crafted HuggingFace model. The server trusts client-supplied model identifiers and acts on them before authentication checks run. During exploitation, the server reaches out to HuggingFace, downloads the malicious model, and executes it before rejecting the request. Successful exploitation grants full control of the server process and access to sensitive data such as API keys, environment variables, mounted secrets, and all disk files. The issue affects ChromaDB versions since 1.0.0 and impacts a large share of internet-accessible deployments.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]