CVE-2026-20746
6.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:L/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/RE:M/U:Amber
Summary
Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when recent login history is enabled and copying virtual attributes that reference ds-privilege-name values.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Ping Identity | PingDirectory | 9.3.0.0 <= 9.3.0.8 | affected |
| Ping Identity | PingDirectory | 10.1.0.0 <= 10.1.0.5 | unknown |
| Ping Identity | PingDirectory | 10.2.0.0 <= 10.2.0.5 | affected |
| Ping Identity | PingDirectory | 10.3.0.0 <= 10.3.0.3 | affected |
| Ping Identity | PingDirectory | 11.0.0.0 < 11.0.0.1 | affected |
Weaknesses
- CWE-401: CWE-401 Missing release of memory after effective lifetime
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://docs.pingidentity.com/pingdirectory/11.0/release_notes/pd_release_notes.html#pingdirectory-suite-of-products-11-0-0-1-march-2026
- https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html
- https://support.pingidentity.com/s/article/SECADV052-Denial-of-Service-via-copying-virtual-attributes
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.