TECH NEWS

Unpatched ChromaDB Vulnerability Can Lead to Server Takeover

An unpatched vulnerability in ChromaDB could allow remote, unauthenticated attackers to spawn a shell and take control of the server process, HiddenLayer reports.

ChromaDB is an open source vector database for building AI applications. It has approximately 13 million monthly pip downloads and is used by high-profile organizations, including Mintlify, Factory AI, and Weights & Biases.

Tracked as CVE-2026-45829 and referred to as ChromaToast, the pre-authentication remote code execution (RCE) flaw could be exploited to leak sensitive information the server has access to, including API keys, environment variables, mounted secrets, and all files on the disk, according to HiddenLayer.

“The root cause of CVE-2026-45829 is two independent failures that compound each other. The server trusts client-supplied model identifiers without restriction, and acts on that trust before authenticating the user sending the request,” HiddenLayer says.

An unauthenticated attacker can trigger the flaw by supplying a malicious HuggingFace model that is...

Copyright of this story solely belongs to securityweek.com. To see the full text click HERE

https://platform.theverge.com/wp-content/uploads/sites/2/2026/05/pre-media_26c0129_001.jpg?quality=90&strip=all&crop=0%2C10.732984293194%2C100%2C78.534031413613&w=1200

Mercedes’ electric AMG GT 4-door coupe can go 0-60 in 2 seconds

The era of ultra-high performance Mercedes EVs is here. The German automaker finally revealed its new super sedan, the AMG GT 4-door coupe, with technology borrowed from the automaker’s XX concept that last year made history by driving 24,901 miles in under 8 days at Nardò Ring in

https://cdn.mos.cms.futurecdn.net/JUFFcwkv7wLgdG3ReGqoBY-1718-80.jpg

Google’s new Gemini Omni AI can turn almost anything into video

* Google introduced Gemini Omni Flash * It aims to make video creation easier by letting users refine projects naturally, rather than using editing software * It's emphasizing transparency and safety through AI watermarking and identity protections Google’s next big AI move is aimed squarely at creativity. The company has

https://cdn.mos.cms.futurecdn.net/arr8DfDMhwxR9B9ApTAYkN-1920-80.jpg

Lego Batman: Legacy of the Dark Knight is ‘a real mish-mash’ of genres and gameplay features held together by having the Batman: Arkham series as its muse

Lego Batman: Legacy of the Dark Knight is a love song to the enduring legacy and decades-long adventures of the Caped Crusader, offering great fun for all the family. Newly added combat mechanics, difficulty levels, and a slimmer roster of characters with unique skills make for a well-rounded gameplay experience.

http://www.techmeme.com/img/techmeme_sq328.png

GitHub says it's investigating “unauthorized access” to its internal repositories, and there's no proof of customer data outside its repositories being impacted

Sponsor Posts Niantic Spatial: World models need real-world data — Scaniverse is the gateway to spatial services — self-serve and built for AI and robotics. Large-area 3D reconstruction from 360° cameras and precise localization, anywhere machines operate. Protecting your Cloud Applications Data — Backing up Office 365, Google Workspace, Dropbox & Salesforce data

Read more

Mercedes’ electric AMG GT 4-door coupe can go 0-60 in 2 seconds

Google&rsquo;s new Gemini Omni AI can turn almost anything into video

Lego Batman: Legacy of the Dark Knight is ‘a real mish-mash’ of genres and gameplay features held together by having the Batman: Arkham series as its muse

GitHub says it's investigating “unauthorized access” to its internal repositories, and there's no proof of customer data outside its repositories being impacted

Google’s new Gemini Omni AI can turn almost anything into video