Loading market data...
← Back to CVE feed

CVE-2026-8828

UNKNOWN View on NVD ↗

Description

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to.

Published: Jun 12, 2026 16:16 UTC Modified: Jun 12, 2026 16:22 UTC