CVE-2026-20746
Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap w...
Published: 2026-06-12 · Last updated: 2026-06-12
Severity and scoring
- CWE
- CWE-401
Description
Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when recent login history is enabled and copying virtual attributes that reference ds-privilege-name values.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-20746
- [Other]https://docs.pingidentity.com/pingdirectory/11.0/release_notes/pd_release_notes.html#pingdirectory-suite-of-products-11-0-0-1-march-2026
- [Other]https://support.pingidentity.com/s/article/SECADV052-Denial-of-Service-via-copying-virtual-attributes
- [Other]https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html
Related CVEs
Same CWE
- CVE-2026-48059 — Netty is a network application framework for development of protocol servers and clients
- CVE-2026-48043 — Netty is a network application framework for development of protocol servers and clients (5.3 MEDIUM)
- CVE-2026-48006 — Netty is a network application framework for development of protocol servers and clients
- CVE-2026-53464 — ImageMagick is free and open-source software used for editing and manipulating digital images (4.0 MEDIUM)
- CVE-2026-46679 — libp2p is a JavaScript Implementation of libp2p networking stack (7.5 HIGH)