<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-06-02T11:36:18.818498+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f6f7589f-c015-4403-90dd-813e345f2558/export</id>
    <title>f6f7589f-c015-4403-90dd-813e345f2558</title>
    <updated>2026-06-02T11:36:18.829033+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "f6f7589f-c015-4403-90dd-813e345f2558", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45829", "type": "seen", "source": "https://infosec.exchange/users/beyondmachines1/statuses/116603018754930393", "content": "Unpatched ChromaDB Vulnerability Enables Pre-Authentication Server Takeover\nChromaDB faces an unpatched pre-authentication remote code execution vulnerability (CVE-2026-45829) that allows attackers to take over servers by supplying malicious HuggingFace models. The flaw affects the Python FastAPI implementation and enables unauthorized access to sensitive API keys, secrets, and internal files.\n**If you use ChromaDB, immediately verify if you are running the Python-based server and isolate it from the public internet. Prioritize migrating to the Rust-based deployment path, since the vendor has not yet patched this flaw.**#cybersecurity #infosec #advisory #vulnerabilityhttps://beyondmachines.net/event_details/unpatched-chromadb-vulnerability-enables-pre-authentication-server-takeover-l-m-d-4-v/gD2P6Ple2L", "creation_timestamp": "2026-05-19T21:44:20.704634Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f6f7589f-c015-4403-90dd-813e345f2558/export"/>
    <published>2026-05-19T21:44:20.704634+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/acc97ebe-9707-4811-a49d-ed87f49ae2fc/export</id>
    <title>acc97ebe-9707-4811-a49d-ed87f49ae2fc</title>
    <updated>2026-06-02T11:36:18.828954+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "acc97ebe-9707-4811-a49d-ed87f49ae2fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45829", "type": "seen", "source": "https://bsky.app/profile/deafnews-auto.bsky.social/post/3mmaj3sx2lz2c", "content": "Critical RCE in ChromaDB: 73% of Exposed Servers Vulnerable to CVE-2026-45829", "creation_timestamp": "2026-05-19T23:08:59.034700Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/acc97ebe-9707-4811-a49d-ed87f49ae2fc/export"/>
    <published>2026-05-19T23:08:59.034700+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a4c1eef4-536e-487f-adbe-266d2d144b9a/export</id>
    <title>a4c1eef4-536e-487f-adbe-266d2d144b9a</title>
    <updated>2026-06-02T11:36:18.828873+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a4c1eef4-536e-487f-adbe-266d2d144b9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45829", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mmartj3jjc2s", "content": "Max-severity CVE-2026-45829 in ChromaDB Python FastAPI server can allow unauthenticated code execution and server hijacking on exposed systems. Versions 1.0.0 to 1.5.8 are affected. #ChromaDB #CVE202645829 #HiddenLayer", "creation_timestamp": "2026-05-20T01:45:24.203617Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a4c1eef4-536e-487f-adbe-266d2d144b9a/export"/>
    <published>2026-05-20T01:45:24.203617+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/86faaca7-3f0c-4e96-9115-62dfc3f71d0f/export</id>
    <title>86faaca7-3f0c-4e96-9115-62dfc3f71d0f</title>
    <updated>2026-06-02T11:36:18.828783+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "86faaca7-3f0c-4e96-9115-62dfc3f71d0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45829", "type": "seen", "source": "https://bsky.app/profile/LLMs.activitypub.awakari.com.ap.brid.gy/post/3mmbwm3er7z22", "content": "CVE-2026-45829: Max-Severity Flaw Lets Attackers Hijack ChromaDB CVE-2026-45829 is a maximum-severity pre-auth flaw in ChromaDB allowing server hijacking; about 73% of internet-exposed instances ru...\n\n#Resources #Application #Security #CVE [\u2026] \n\n[Original post on dailysecurityreview.com]", "creation_timestamp": "2026-05-20T12:44:59.203983Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/86faaca7-3f0c-4e96-9115-62dfc3f71d0f/export"/>
    <published>2026-05-20T12:44:59.203983+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c4396c68-15bf-4004-a580-6fcbb1a9dcbf/export</id>
    <title>c4396c68-15bf-4004-a580-6fcbb1a9dcbf</title>
    <updated>2026-06-02T11:36:18.828699+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c4396c68-15bf-4004-a580-6fcbb1a9dcbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45829", "type": "published-proof-of-concept", "source": "Telegram/EUsL0GBkk0Vgc4QR4rSrAW23hhvDTc4r4ZLNoVXnBNt04Fk", "content": "", "creation_timestamp": "2026-05-20T19:00:11.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c4396c68-15bf-4004-a580-6fcbb1a9dcbf/export"/>
    <published>2026-05-20T19:00:11+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f0f3d674-04cc-45da-845b-fae8cf9b190a/export</id>
    <title>f0f3d674-04cc-45da-845b-fae8cf9b190a</title>
    <updated>2026-06-02T11:36:18.828609+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "f0f3d674-04cc-45da-845b-fae8cf9b190a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45829", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mmdtlhneo7n2", "content": "Critical ChromaDB Flaw Exposes AI Vector Databases to Remote Code Execution The security issue tracked as CVE-2026-45829, often referred to in analysis as ChromaToast Served Pre-Auth, affects th...\n\n#Firewall #Daily #Cyber #News #Vulnerabilities [\u2026] \n\n[Original post on thecyberexpress.com]", "creation_timestamp": "2026-05-21T06:54:46.022713Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f0f3d674-04cc-45da-845b-fae8cf9b190a/export"/>
    <published>2026-05-21T06:54:46.022713+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d70263ef-10a2-41fb-8956-8aef95028531/export</id>
    <title>d70263ef-10a2-41fb-8956-8aef95028531</title>
    <updated>2026-06-02T11:36:18.828511+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d70263ef-10a2-41fb-8956-8aef95028531", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45829", "type": "seen", "source": "https://t.me/GithubRedTeam/85210", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-45829\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 0xBlackash\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Unknown\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-21 11:29:16\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-45829\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-21T12:00:05.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d70263ef-10a2-41fb-8956-8aef95028531/export"/>
    <published>2026-05-21T12:00:05+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/278e9f0a-efe0-4618-b523-9120c5a633a0/export</id>
    <title>278e9f0a-efe0-4618-b523-9120c5a633a0</title>
    <updated>2026-06-02T11:36:18.828421+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "278e9f0a-efe0-4618-b523-9120c5a633a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45829", "type": "seen", "source": "Telegram/w5uXU2fuLydowGU1SOSgKNWyV15qQF5OtJmcXbqSodLpsbQ", "content": "", "creation_timestamp": "2026-05-21T15:00:17.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/278e9f0a-efe0-4618-b523-9120c5a633a0/export"/>
    <published>2026-05-21T15:00:17+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c51fcb66-4cfb-4266-b632-08b6cfee47da/export</id>
    <title>c51fcb66-4cfb-4266-b632-08b6cfee47da</title>
    <updated>2026-06-02T11:36:18.828307+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c51fcb66-4cfb-4266-b632-08b6cfee47da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45829", "type": "seen", "source": "Telegram/6gh1HJgE3RFVn7K8UtbcJPp_JwEYzEQXCykvkUTLZjGZEDc", "content": "", "creation_timestamp": "2026-05-21T21:00:05.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c51fcb66-4cfb-4266-b632-08b6cfee47da/export"/>
    <published>2026-05-21T21:00:05+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b3465900-dafe-4069-b87a-c0bf7c344b01/export</id>
    <title>b3465900-dafe-4069-b87a-c0bf7c344b01</title>
    <updated>2026-06-02T11:36:18.826970+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b3465900-dafe-4069-b87a-c0bf7c344b01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45829", "type": "seen", "source": "https://t.me/bdufstecru/3187", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 ChromaDB \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0435\u0439 \u043a\u043e\u0434\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434\n\nBDU:2026-07111\nCVE-2026-45829\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f 
\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445;\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0441\u0445\u0435\u043c\u0443 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043f\u043e \u00ab\u0431\u0435\u043b\u044b\u043c \u0441\u043f\u0438\u0441\u043a\u0430\u043c\u00bb;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 SIEM-\u0441\u0438\u0441\u0442\u0435\u043c \u0434\u043b\u044f \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u043f\u044b\u0442\u043e\u043a \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438;\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435/\u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u043d\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439;\n- \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439;\n- 
\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c\u0443 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044e \u0438\u0437 \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0441\u0435\u0442\u0435\u0439 (\u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442).", "creation_timestamp": "2026-05-22T13:23:05.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b3465900-dafe-4069-b87a-c0bf7c344b01/export"/>
    <published>2026-05-22T13:23:05+00:00</published>
  </entry>
</feed>
