<Vulnerability name="CVE-2026-45831">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Moderate</ThreatSeverity>
    <PublicDate>2026-06-12T15:03:58</PublicDate>
    <Bugzilla id="2488417" url="https://bugzilla.redhat.com/show_bug.cgi?id=2488417" xml:lang="en:us">
ChromaDB: ChromaDB: Unauthorized cross-tenant actions due to improper authorization checks
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>6.8</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-1220</CWE>
    <Details xml:lang="en:us" source="Mitre">
The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, database, or collection that permission applies to allowing users to perform cross tenant actions.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in the SimpleRBACAuthorizationProvider authorization provider in the ChromaDB Python project. This vulnerability allows an authenticated user to perform actions across different tenants, databases, or collections without proper authorization. The provider incorrectly evaluates user permissions without verifying the specific scope (tenant, database, or collection) to which those permissions apply. This can lead to unauthorized data access or modification across different user environments.
    </Details>
    <Statement xml:lang="en:us">
is a post-authentication authorization flaw in ChromaDB’s SimpleRBAC provider — it does not grant unauthenticated access and does not enable code execution. RH AI products bundle a vulnerable chromadb version but do not run the Chroma Python server with SimpleRBAC as the default product architecture (AutoRAG uses Milvus/pgvector; RHEL AI bootc uses chromadb as a library). Upstream 8.8 High assumes a multi-tenant Chroma deployment with SimpleRBAC enabled and network reachability; that configuration is not the supported RH default, so Moderate is appropriate for RHOAI and Low for RHEL AI bootc.
    </Statement>
    <Mitigation xml:lang="en:us">
To mitigate this issue, restrict network access to the ChromaDB instance to only trusted clients and services. Implement firewall rules to limit inbound connections to the ChromaDB port from authorized sources. If strict multi-tenant isolation is critical, consider deploying ChromaDB in a single-tenant configuration or exploring alternative authorization mechanisms if available, until a fix for the `SimpleRBACAuthorizationProvider` is deployed.
    </Mitigation>
    <PackageState cpe="cpe:/a:redhat:enterprise_linux_ai:3">
        <ProductName>Red Hat Enterprise Linux AI (RHEL AI) 3</ProductName>
        <FixState>Will not fix</FixState>
        <PackageName>rhelai3/bootc-cuda-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:enterprise_linux_ai:3">
        <ProductName>Red Hat Enterprise Linux AI (RHEL AI) 3</ProductName>
        <FixState>Will not fix</FixState>
        <PackageName>rhelai3/bootc-gaudi-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:enterprise_linux_ai:3">
        <ProductName>Red Hat Enterprise Linux AI (RHEL AI) 3</ProductName>
        <FixState>Will not fix</FixState>
        <PackageName>rhelai3/bootc-rocm-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:enterprise_linux_ai:3">
        <ProductName>Red Hat Enterprise Linux AI (RHEL AI) 3</ProductName>
        <FixState>Will not fix</FixState>
        <PackageName>rhelai3/disk-image-cuda-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:openshift_ai">
        <ProductName>Red Hat OpenShift AI (RHOAI)</ProductName>
        <FixState>Affected</FixState>
        <PackageName>rhoai/odh-autorag-rhel9</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-45831
https://nvd.nist.gov/vuln/detail/CVE-2026-45831
https://www.hiddenlayer.com/sai-security-advisory/2026-06-chromadb-3
    </References>
</Vulnerability>