CVE-2026-20746

Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when recent login history is enabled and copying virtual attributes that reference ds-privilege-name values.

CVSS

No CVSS.

References

Link	Resource
https://docs.pingidentity.com/pingdirectory/11.0/release_notes/pd_release_notes.html#pingdirectory-suite-of-products-11-0-0-1-march-2026
https://support.pingidentity.com/s/article/SECADV052-Denial-of-Service-via-copying-virtual-attributes
https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html

Configurations

No configuration.

History

12 Jun 2026, 04:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-06-12 04:17

Updated : 2026-06-17 10:17

NVD link : CVE-2026-20746

Mitre link : CVE-2026-20746

CVE.ORG link : CVE-2026-20746

JSON object : View

Products Affected

No product.

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

{"id": "CVE-2026-20746", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-20746", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-12T13:30:44.116370Z"}}], "cvssMetricV40": [{"type": "Secondary", "source": "responsible-disclosure@pingidentity.com", "cvssData": {"Safety": "PRESENT", "version": "4.0", "Recovery": "USER", "baseScore": 6.3, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:X/RE:M/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "responsible-disclosure@pingidentity.com", "affectedData": [{"vendor": "Ping Identity", "product": "PingDirectory", "versions": [{"status": "affected", "version": "9.3.0.0", "versionType": "custom", "lessThanOrEqual": "9.3.0.8"}, {"status": "unknown", "version": "10.1.0.0", "versionType": "custom", "lessThanOrEqual": "10.1.0.5"}, {"status": "affected", "version": "10.2.0.0", "versionType": "custom", "lessThanOrEqual": "10.2.0.5"}, {"status": "affected", "version": "10.3.0.0", "versionType": "custom", "lessThanOrEqual": "10.3.0.3"}, {"status": "affected", "version": "11.0.0.0", "lessThan": "11.0.0.1", "versionType": "custom"}], "defaultStatus": "unaffected"}]}], "published": "2026-06-12T04:17:04.510", "references": [{"url": "https://docs.pingidentity.com/pingdirectory/11.0/release_notes/pd_release_notes.html#pingdirectory-suite-of-products-11-0-0-1-march-2026", "source": "responsible-disclosure@pingidentity.com"}, {"url": "https://support.pingidentity.com/s/article/SECADV052-Denial-of-Service-via-copying-virtual-attributes", "source": "responsible-disclosure@pingidentity.com"}, {"url": "https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html", "source": "responsible-disclosure@pingidentity.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "responsible-disclosure@pingidentity.com", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when\u00a0recent login history is enabled and copying virtual attributes that reference ds-privilege-name values."}], "lastModified": "2026-06-17T10:17:45.383", "sourceIdentifier": "responsible-disclosure@pingidentity.com"}