An unpatched vulnerability in ChromaDB could allow remote, unauthenticated attackers to spawn a shell and take control of the server process, HiddenLayer reports.
ChromaDB is an open source vector database for building AI applications. It has approximately 13 million monthly pip downloads and is used by high-profile organizations, including Mintlify, Factory AI, and Weights & Biases.
Tracked as CVE-2026-45829 and referred to as ChromaToast, the pre-authentication remote code execution (RCE) flaw could be exploited to leak sensitive information the server has access to, including API keys, environment variables, mounted secrets, and all files on the disk, according to HiddenLayer.
“The root cause of CVE-2026-45829 is two independent failures that compound each other. The server trusts client-supplied model identifiers without restriction, and acts on that trust before authenticating the user sending the request,” HiddenLayer says.
An unauthenticated attacker can trigger the flaw by supplying a malicious HuggingFace model that is executed before authentication checks, providing an attacker with shell access, the cybersecurity firm explains.
