PulseAugur

Critical ChromaDB vulnerability "ChromaToast" exposes AI servers to hijacking risk

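A critical remote code execution vulnerability, dubbed "ChromaToast" (CVE-2026-45829), has been found in ChromaDB, a popular vector database for AI applications. The flaw allows unauthenticated attackers to hijack servers, which may lead to the long-term memory of AI agents being poisoned. The vulnerability has existed since version 1.0.0 and affects most of the instances exposed on the internet, 73% of which were identified as at risk.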

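Impact: This critical vulnerability in ChromaDB could lead to AI systems being compromised, possibly corrupting their memory and allowing malicious control.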

Ranking rationale: Discloses a critical vulnerability in a widely used AI infrastructure component.

AI-generated summary · Google Gemini · from 4 sources.

Sources [4]

  1. Mastodon — mastodon.social TIER_1 English(EN) · [email protected] ·

    Max-severity flaw in #ChromaDB for #AI apps allows server hijacking https://www.bleepingcomputer.com/news/security/max-severity-flaw-in-chromadb-for-ai-apps-allows-server-hijacking/ #cybersecurity

  2. Mastodon — mastodon.social TIER_1 Italian(IT) · tomshw ·

    ⚠️ Critical vulnerability in ChromaDB: AI servers exposed to crashes and outages. Immediate updates and configuration checks are essential. #AI #Cybersecurity 🔗 https://www.tomshw.it/hardware/chromadb-falla-critica-server-ia-rce

  3. Mastodon — mastodon.social TIER_1 English(EN) · [email protected] ·

    A critical, unpatched RCE (CVE-2026-45829) in ChromaDB, dubbed "ChromaToast," poses a severe threat to AI applications. Attackers can achieve pre-authentication remote code execution, hijacking servers and even "poisoning" the long-term memory of AI agents. The vulnerability, pre…

  4. Mastodon — mastodon.social TIER_1 English(EN) · [email protected] ·

    CVE-2026-45829: A critical RCE in ChromaDB affects 73% of exposed servers, allowing unauthenticated remote code execution via its FastAPI server. #Cybersecurity #AI https://deafnews.it/en/article/cve-2026-45829-rce-in-chromadb-73-dei-server-esposti-a-rischio