CVE-2026-45829

CRITICAL LAB

ChromaDB >=1.0.0 - Unauthenticated Remote Code Execution via Malicious Model Repository

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2026-45829. PoCs published by exploitintel, 0xBlackash, fevar54.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2026-45829, demonstrating pre-authentication remote code execution in ChromaDB's Python backend via unvalidated kwargs passthrough to HuggingFace's `trust_remote_code`. The PoC includes a Docker-based lab environment with a mock HuggingFace Hub and a malicious model to trigger the vulnerability.

Description

A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in the /api/v2/tenants/{tenant}/databases/{db}/collections endpoint.

Exploits (3)

github WORKING POC 6 stars
by exploitintel · cpoc
https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2026-45829

This repository contains a functional exploit for CVE-2026-45829, demonstrating pre-authentication remote code execution in ChromaDB's Python backend via unvalidated kwargs passthrough to HuggingFace's `trust_remote_code`. The PoC includes a Docker-based lab environment with a mock HuggingFace Hub and a malicious model to trigger the vulnerability.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: ChromaDB Python backend >= 1.0.0 (unpatched as of 1.5.9)
No auth needed
Prerequisites: Docker environment · Python 3.11 · ChromaDB 1.5.9 · HuggingFace transformers library
devstral-2 · analyzed May 19, 2026 Full analysis →
github WRITEUP
by 0xBlackash · poc
https://github.com/0xBlackash/CVE-2026-45829

This repository provides a detailed technical analysis of CVE-2026-45829, a critical pre-authentication RCE vulnerability in ChromaDB. It explains the exploit mechanism involving the embedding function handler and includes mitigation steps and detection dorks.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: ChromaDB ≥ 1.0.0 (including latest 1.5.x)
No auth needed
Prerequisites: Network access to ChromaDB server · ChromaDB version ≥ 1.0.0
devstral-2 · analyzed May 21, 2026 Full analysis →
github WORKING POC
by fevar54 · pythonpoc
https://github.com/fevar54/FULL-ANALYSIS---CVE-2026-45829-ChromaDB-

This repository contains a functional exploit for CVE-2026-45829, a critical pre-authentication RCE vulnerability in ChromaDB versions 1.0.0 to 1.5.8. The exploit leverages the loading of a malicious Hugging Face model with `trust_remote_code=true` to achieve arbitrary code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: ChromaDB < 1.5.9
No auth needed
Prerequisites: Access to a vulnerable ChromaDB instance · A malicious Hugging Face model repository
devstral-2 · analyzed May 20, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v4 10.0
EPSS 0.0966
EPSS Percentile 94.9%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Lab Environment

EIP LAB
Docker Lab
vulnerable docker pull ghcr.io/exploitintel/cve-2026-45829-vulnerable:latest

Details

CWE
CWE-94
Status published
Products (2)
Chroma/ChromaDB 1.0.0
pypi/chromadb 1.0.0 - 1.5.9PyPI
Published May 18, 2026
Tracked Since May 18, 2026