{"uuid": "f6f7589f-c015-4403-90dd-813e345f2558", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45829", "type": "seen", "source": "https://infosec.exchange/users/beyondmachines1/statuses/116603018754930393", "content": "Unpatched ChromaDB Vulnerability Enables Pre-Authentication Server Takeover\nChromaDB faces an unpatched pre-authentication remote code execution vulnerability (CVE-2026-45829) that allows attackers to take over servers by supplying malicious HuggingFace models. The flaw affects the Python FastAPI implementation and enables unauthorized access to sensitive API keys, secrets, and internal files.\n**If you use ChromaDB, immediately verify if you are running the Python-based server and isolate it from the public internet. Prioritize migrating to the Rust-based deployment path, since the vendor has not yet patched this flaw.**\n#cybersecurity #infosec #advisory #vulnerability\nhttps://beyondmachines.net/event_details/unpatched-chromadb-vulnerability-enables-pre-authentication-server-takeover-l-m-d-4-v/gD2P6Ple2L", "creation_timestamp": "2026-05-19T21:44:20.704634Z"}