Loading market data...
← Back to CVE feed

CVE-2026-45832

UNKNOWN View on NVD ↗

Description

All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints.

Published: Jun 12, 2026 16:16 UTC Modified: Jun 12, 2026 16:23 UTC