← CIO Briefings · Critical Impact ACTION REQUIRED

AI Knowledge Base Software Has a Maximum-Severity Security Flaw — No Fix Available

A maximum-severity vulnerability has been disclosed in ChromaDB, one of the most widely used software components for building AI systems that access company knowledge bases and documents. Attackers can gain full control of the ChromaDB server without any login credentials, accessing all documents stored for the AI system. No fix is currently available. 73% of internet-exposed ChromaDB instances are affected.

4 min read
#GDPR#NIS2#ISO-27001

What Happened

ChromaDB is software that many organisations use as part of their AI systems — specifically to store the documents, knowledge bases, and information that the AI draws on when answering questions (a design called “retrieval-augmented generation” or RAG). For example, an internal AI assistant that can answer questions about company policies or search past projects typically uses a vector database like ChromaDB to store and retrieve that information.

Security researchers have disclosed that ChromaDB has a maximum-severity vulnerability (CVE-2026-45829, the highest possible rating: 10.0/10). An attacker who can reach ChromaDB over a network — including through the internet — can take full control of the system without any username or password, reading or deleting all the documents stored for the AI system, and potentially gaining control of the server hosting it.

No software fix (“patch”) is currently available. The researchers who found the vulnerability worked with ChromaDB before publishing, but a fix has not been released.

Approximately 73% of internet-accessible ChromaDB deployments are vulnerable.

Business Impact

If an attacker reaches a ChromaDB instance containing your organisation’s embedded documents, they can:

  • Read all documents stored in the AI knowledge base — which may include confidential business documents, customer data, employee records, intellectual property, legal correspondence, or financial information depending on what has been embedded into the system
  • Delete or modify documents in the knowledge base, causing the AI system to produce incorrect or misleading outputs
  • Gain control of the server hosting ChromaDB, using it as a launch point for further attacks against internal systems

The severity depends entirely on what documents are in the ChromaDB instance. For organisations that have embedded sensitive or regulated data into AI systems, this vulnerability creates a direct data exposure risk.

Regulatory Implications

If an attacker exploits this vulnerability and accesses personal data stored in the ChromaDB knowledge base (employee records, customer data, health information), GDPR Article 33 requires notification to the supervisory authority within 72 hours. Assess whether your ChromaDB instances contain personal data as part of your immediate review.

Board-Ready Summary

  • A critical security flaw has been found in AI knowledge base software used in many organisations. Attackers can read everything stored in the system without a password.
  • No fix is available yet. We must protect these systems through other means until a fix is released.
  • Immediate action is needed to confirm which AI systems at our organisation are affected and to secure them.

  1. Identify all ChromaDB deployments (today): Work with your development and data science teams to identify every ChromaDB instance in your environment — cloud-hosted, on-premises, and in development environments. This is urgent; shadow deployments that security teams are unaware of represent the highest risk.

  2. Block internet access (today): Verify that ChromaDB instances are not accessible from the internet. Check cloud security group configurations (AWS Security Groups, Azure NSGs, GCP firewall rules) for any rule that allows inbound access to ports 8000 or any custom ChromaDB port from 0.0.0.0/0 or ::/0. Remove any such rules immediately.

  3. Assess what data is stored: For each ChromaDB instance, determine what documents are embedded in it. If personal data or confidential business information is present, treat this as an active data security risk requiring immediate protective action and potential regulatory notification assessment.

  4. Consider temporarily taking AI systems offline: For ChromaDB instances that cannot be network-isolated immediately and contain sensitive data, temporarily disabling the AI service (not the data, just the service) eliminates the attack surface until a patch is available.

  5. Patch as soon as available: Monitor ChromaDB’s GitHub releases and security advisories. When a patched version is published, apply it within 24 hours.