NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-20746

Summary	Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when recent login history is enabled and copying virtual attributes that reference ds-privilege-name values.
Publication Date	June 12, 2026, 1:17 p.m.
Registration Date	June 13, 2026, 4:16 a.m.
Last Update	June 13, 2026, 1:06 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://docs.pingidentity.com/pingdirectory/11.0/release_notes/pd_release_notes.html#pingdirectory-suite-of-products-11-0-0-1-march-2026	responsible-disclosure@pingidentity.com
2	https://support.pingidentity.com/s/article/SECADV052-Denial-of-Service-via-copying-virtual-attributes	responsible-disclosure@pingidentity.com
3	https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html	responsible-disclosure@pingidentity.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-401	有効期限後のメモリの解放の欠如	https://cwe.mitre.org/data/definitions/401.html