CVE-2026-45832
ChromaDB · ChromaDB
A tenant-isolation bypass vulnerability exists in the V1 collection-level endpoints of the ChromaDB Python project.
Executive summary
A high-severity authorization bypass in ChromaDB allows authenticated attackers to circumvent tenant-isolation controls, potentially leading to unauthorized data access.
Vulnerability
The vulnerability exists because V1 collection-level endpoints incorrectly pass null values for tenant and database parameters to the authorization layer. This is a post-authentication issue where an authenticated user can bypass intended tenant-isolation boundaries.
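To make the class of defect concrete, here is an added illustration (not ChromaDB's code; every name in it is a hypothetical stand-in) of a tenant check that fails open when a collection-level handler forwards None, beside the fail-closed form and a handler that resolves the collection's real scope before asking the authorizer.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Hypothetical, simplified model of a tenant-scoped authorization layer.
# All names here are assumptions for illustration, not ChromaDB's API.


@dataclass(frozen=True)
class Principal:
    user: str
    tenant: str      # tenant this identity may act in
    database: str    # database this identity may act in


# Constructed sample data: collection id -> (owning tenant, owning database)
COLLECTIONS = {
    "col-a": ("tenant-a", "db-a"),
    "col-b": ("tenant-b", "db-b"),
}

Authorizer = Callable[[Principal, Optional[str], Optional[str]], bool]


def authorize_fail_open(p: Principal, tenant: Optional[str], database: Optional[str]) -> bool:
    """Compares scope only when the caller supplied it, so None skips the check."""
    if tenant is not None and tenant != p.tenant:
        return False
    if database is not None and database != p.database:
        return False
    return True


def authorize_fail_closed(p: Principal, tenant: Optional[str], database: Optional[str]) -> bool:
    """Treats missing scope as a denial, never as an implicit match."""
    if tenant is None or database is None:
        return False
    return tenant == p.tenant and database == p.database


def v1_collection_endpoint(p: Principal, collection_id: str, authorize: Authorizer) -> bool:
    """Models the flawed pattern: a collection-level route carries no tenant or
    database, and the handler forwards None to the authorization layer."""
    if collection_id not in COLLECTIONS:
        return False
    return authorize(p, None, None)


def v1_collection_endpoint_fixed(p: Principal, collection_id: str, authorize: Authorizer) -> bool:
    """Resolves the collection's owning scope first, then authorizes against it."""
    owner = COLLECTIONS.get(collection_id)
    if owner is None:
        return False
    tenant, database = owner
    return authorize(p, tenant, database)
```

Combining both fixes is the robust shape: the handler supplies the collection's real scope, and the authorizer still refuses a request whose scope is absent.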
Business impact
With a CVSS score of 8.8, this flaw presents a significant risk to data privacy and multi-tenant security. While it does not grant unauthenticated access or remote code execution, it allows an authenticated attacker to read data belonging to other tenants, potentially exposing a large volume of data held in the shared database.
Remediation
Immediate Action: Apply the vendor-provided security updates, which correct the improper authorization handling.
Proactive Monitoring: Review API logs for unusual access patterns, specifically looking for requests that target collections outside of a user's assigned tenant.
Compensating Controls: Restrict network access to the ChromaDB instance to trusted clients only to reduce the attack surface.
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability highlights a critical failure in authorization logic. Organizations hosting multi-tenant environments using ChromaDB must prioritize this update to ensure data integrity and tenant isolation. Immediate restriction of network access to trusted clients is strongly recommended as an interim measure.