CVE-2026-45829 – ChromaDB

This patch addresses CVE-2026-45829 in ChromaDB, a Critical severity vulnerability that enables remote code execution under certain conditions. The CVSS score is 10.0, which is Critical severity. The update hardens how ChromaDB processes external inputs and prevents attackers from leveraging unsafe execution paths within the database engine.

Proof-of-concept code has been identified, confirming that the vulnerability is practical to exploit. Environments exposing ChromaDB services—especially those integrated into AI pipelines or accessible over networks—are at immediate risk of full compromise if left unpatched.