CVE Catalog

CVE-2026-20746

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

11th percentile — higher than 11% of all known CVEs

Summary

Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when recent login history is enabled and copying virtual attributes that reference ds-privilege-name values.

Risk Assessment

The organization may experience performance issues or system crashes due to memory exhaustion, potentially leading to service outages.

Recommendation

It is recommended to monitor and restrict access to features that may lead to memory exhaustion and to update to the latest software version to minimize risk.

Original NVD description (English source)

Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when recent login history is enabled and copying virtual attributes that reference ds-privilege-name values.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS