CVE-2026-45829: A critical RCE in ChromaDB affects 73% of exposed servers, allowing unauthenticated remote code execution via its FastAPI server. # Cybersecurit
A critical remote code execution vulnerability, dubbed "ChromaToast" (CVE-2026-45829), has been discovered in ChromaDB, a popular vector database for AI applications. This flaw allows unauthenticated attackers to hijack servers, potentially leading to the poisoning of AI agents' long-term memory. The vulnerability, present since version 1.0.0, affects a significant portion of internet-exposed instances, with 73% identified as at risk. AI
IMPACT This critical vulnerability in ChromaDB could lead to the compromise of AI systems, potentially corrupting their memory and enabling malicious control.