CVE-2026-20746
Received Received - Intake
Virtual Attribute Handling Memory Exhaustion in PingDirectory

Publication date: 2026-06-12

Last updated on: 2026-06-12

Assigner: Ping Identity Corporation

Description
Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when recent login history is enabled and copying virtual attributes that reference ds-privilege-name values.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-12
Last Modified
2026-06-12
Generated
2026-06-12
AI Q&A
2026-06-12
EPSS Evaluated
N/A
NVD
CVE-2026-20746
EUVD
EUVD-2026-36374
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
ping_identity pingdirectory 11.0.0.2
ping_identity pingdirectory_proxy 11.0.0.2
ping_identity pingdatasync 11.0.0.2
ping_identity pingdataserver_sdk 11.0.0.2
ping_identity pingdirectory_delegated_user_admin 5.1.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the handling of virtual attributes in Ping Identity PingDirectory. Specifically, when recent login history is enabled and virtual attributes that reference ds-privilege-name values are copied, authorized users can cause the Java memory heap to be exhausted.

Impact Analysis

The impact of this vulnerability is a potential denial of service condition. By exhausting the Java memory heap, the affected PingDirectory service could become unresponsive or crash, disrupting directory services and potentially affecting dependent applications or users.

Compliance Impact

The provided information does not specify how the vulnerability in Ping Identity PingDirectory affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20746. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart