Loading market data...
← Back to CVE feed

CVE-2026-45831

UNKNOWN View on NVD ↗

Description

The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, database, or collection that permission applies to allowing users to perform cross tenant actions.

Published: Jun 12, 2026 16:16 UTC Modified: Jun 12, 2026 16:23 UTC