An unpatched remote code execution vulnerability in ChromaDB (CVE-2026-45829, dubbed "ChromaToast") lets an unauthenticated attacker obtain shell access on the server by supplying a malicious HuggingFace model identifier: the server downloads and executes the referenced model *before* it performs any authentication check. The flaw affects every ChromaDB release from 1.0.0 up to and including 1.5.8, and an estimated 73% of internet-accessible deployments, putting at risk whatever the server process can read, including API keys, environment variables and files on disk. Because the malicious code runs before authentication, enabling Chroma's token authentication does not block the attack; the only mitigation available to administrators is to restrict network access to the server to trusted clients. HiddenLayer has been attempting to disclose the issue to Chroma since February 2025 and an independent researcher since November 2025, but Chroma has neither responded nor issued a patch.
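To make the class of flaw concrete (a side effect on attacker-controlled input performed before the caller is authenticated), here is an added sketch in Python. It is hypothetical code written for this page, not ChromaDB's handler or endpoint; the token, the model allowlist and the `ModelLoader` stand-in are invented. The vulnerable handler reproduces the ordering problem, and the hardened one authenticates first and only resolves model identifiers from a fixed allowlist.

```python
"""Generic sketch of an order-of-operations flaw: a request handler that
fetches and loads an attacker-chosen model before it authenticates the
caller. Hypothetical code written for this page; it is not ChromaDB's
implementation, and the names, token and allowlist below are invented."""
import hmac

# Constructed configuration for the sketch (not a real credential or a
# real ChromaDB setting).
API_TOKEN = "example-token-do-not-use"
ALLOWED_MODELS = frozenset({"sentence-transformers/all-MiniLM-L6-v2"})


class ModelLoader:
    """Stand-in for a HuggingFace download-and-load step. It records every
    identifier it is asked to fetch; in a real server this is the step where
    third-party code would end up executing."""

    def __init__(self):
        self.fetched = []

    def load(self, model_id):
        self.fetched.append(model_id)
        return f"embedding-function:{model_id}"


def authenticated(auth_header):
    """Constant-time comparison of a bearer token against the configured one."""
    if not auth_header or not auth_header.startswith("Bearer "):
        return False
    return hmac.compare_digest(auth_header[len("Bearer "):], API_TOKEN)


def vulnerable_handler(loader, auth_header, model_id):
    """Resolves the model first, then checks auth: the download (and any code
    it triggers) happens even for callers who are then rejected with 401."""
    embedding_fn = loader.load(model_id)          # side effect before auth
    if not authenticated(auth_header):
        return 401, None
    return 200, embedding_fn


def hardened_handler(loader, auth_header, model_id):
    """Authenticates before touching caller-controlled input, and only then
    resolves model identifiers drawn from a fixed allowlist."""
    if not authenticated(auth_header):
        return 401, None                           # nothing fetched
    if model_id not in ALLOWED_MODELS:
        return 400, None                           # unknown model refused
    return 200, loader.load(model_id)


if __name__ == "__main__":
    attacker_model = "attacker/poisoned-model"     # constructed identifier
    v = ModelLoader()
    print(vulnerable_handler(v, None, attacker_model), v.fetched)
    h = ModelLoader()
    print(hardened_handler(h, None, attacker_model), h.fetched)
```

Running the module shows the difference: the vulnerable handler returns 401 to the unauthenticated caller yet has already fetched `attacker/poisoned-model`, while the hardened handler returns 401 with nothing fetched. The hardened ordering is what a vendor-side fix looks like; with no patch available, the administrator-side mitigation remains network restriction, because an authentication setting cannot stop code that runs before the check.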