A critical vulnerability in ChromaDB, a popular open-source vector database for AI applications, exposes servers to remote code execution. The flaw, tracked as CVE-2026-45829, resides in the API server and can be exploited by unauthenticated attackers to execute arbitrary code and access sensitive data. Researchers at HiddenLayer disclosed the vulnerability after reportedly failing to reach the ChromaDB developers. The issue stems from a race condition in the code that allows attackers to bypass security measures, so machines running ChromaDB are at risk of compromise and administrators should treat it as a priority. The disclosure of CVE-2026-45829 expands the active attack surface, and organizations should prioritize mitigation according to their exposure and to any evidence of exploitation. The vulnerability poses a significant threat to the security of AI applications that rely on ChromaDB and underscores the importance of proactive vulnerability management.