Vulnerability  ·  2026-06-14

ChromaDB Rust IDOR Cross-Tenant Data Access — CVE-2026-8828, CVSS 8.8 HIGH — No Patch Confirmed

A missing authorisation check in ChromaDB's Rust codebase (version 1.0.0 and later) allows any authenticated user with a valid collection UUID to read, write, update, or delete data in any tenant's collection, completely bypassing tenant isolation. ChromaDB's collection lookup function skips the tenant and database filter when a collection UUID is provided directly, enabling cross-tenant data exfiltration or corruption with low privileges and no user interaction required.
Network-accessible authenticated request: an attacker with any valid ChromaDB account (or a stolen API key) supplies the UUID of a collection belonging to another tenant and reads or modifies that tenant's data. It requires no privileges beyond a basic authenticated session. Attack complexity is low once any collection UUID is known or brute-forced.
ChromaDB Rust codebase versions >= 1.0.0. Particularly high-risk in multi-tenant SaaS deployments and shared RAG/agentic pipelines where multiple customers or teams share a single ChromaDB instance.
No confirmed patch as of June 13, 2026 (NVD marked 'Awaiting Enrichment'). Immediate compensating controls: (1) deploy strict network segmentation so ChromaDB is reachable only by the specific tenant or service account authorised for each collection; (2) implement an application-layer authorisation wrapper that validates tenant ownership before any ChromaDB operation; (3) audit ChromaDB access logs for cross-tenant UUID queries; (4) monitor HiddenLayer's advisory and ChromaDB's GitHub for a patch release.
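Compensating controls (2) and (3), as an added example that is neither ChromaDB's nor HiddenLayer's code: a hypothetical application-side ownership registry that is consulted before any ChromaDB call is made, plus a log audit that flags requests whose caller tenant does not own the collection UUID. The log line format, tenant names and collection UUIDs are constructed for the example.

```python
import uuid

class CrossTenantAccess(PermissionError):
    """Raised when the caller's tenant does not own the target collection."""

class TenantAuthorizer:
    """Application-side record of which tenant owns each collection UUID (hypothetical
    wrapper, not ChromaDB's API); checked before any ChromaDB call since the lookup trusts a raw UUID."""

    def __init__(self) -> None:
        self._owner: dict[uuid.UUID, str] = {}

    def register(self, collection_id: str, tenant: str) -> None:
        self._owner[uuid.UUID(collection_id)] = tenant

    def authorize(self, tenant: str, collection_id: str) -> uuid.UUID:
        """Return the parsed UUID only if `tenant` owns it; unknown or
        malformed IDs are denied as well, so the check fails closed."""
        cid = uuid.UUID(collection_id)  # raises ValueError on malformed input
        if self._owner.get(cid) != tenant:
            raise CrossTenantAccess(f"tenant {tenant!r} is not the owner of {cid}")
        return cid

def audit_access_log(lines, authz: TenantAuthorizer) -> list:
    """Return log lines whose caller tenant does not own the target collection. Assumed,
    constructed format: 'tenant=<t> user=<u> op=<op> collection=<uuid>'; unparseable lines are flagged too."""
    flagged = []
    for line in lines:
        try:
            fields = dict(kv.split("=", 1) for kv in line.split())
            authz.authorize(fields["tenant"], fields["collection"])
        except (CrossTenantAccess, ValueError, KeyError):
            flagged.append(line)
    return flagged

# Constructed sample data: two tenants, one collection each, three log lines.
ACME_COLL = "11111111-1111-4111-8111-111111111111"
GLOBEX_COLL = "22222222-2222-4222-8222-222222222222"
SAMPLE_LOG = [
    f"tenant=acme user=alice op=query collection={ACME_COLL}",
    f"tenant=acme user=alice op=delete collection={GLOBEX_COLL}",  # cross-tenant request
    f"tenant=globex user=bob op=add collection={GLOBEX_COLL}",
]

def build_registry() -> TenantAuthorizer:
    authz = TenantAuthorizer()
    authz.register(ACME_COLL, "acme")
    authz.register(GLOBEX_COLL, "globex")
    return authz
```

Run `audit_access_log(SAMPLE_LOG, build_registry())` to see only the second, cross-tenant line flagged; the same `authorize` call is what the wrapper invokes before forwarding any read, write, update or delete to ChromaDB.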
Sources
NVD — CVE-2026-8828 Detail
HiddenLayer SAI Security Advisory — ChromaDB Cross-Tenant IDOR