Vulnerability-Lookup

GHSA-M4WX-PP34-V6V9

Vulnerability from github – Published: 2026-06-12 06:33 – Updated: 2026-06-12 06:33

Details

Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when recent login history is enabled and copying virtual attributes that reference ds-privilege-name values.

Severity

6.3 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:L/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/RE:M/U:Amber

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-20746"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-12T04:17:04Z",
    "severity": "MODERATE"
  },
  "details": "Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when\u00a0recent login history is enabled and copying virtual attributes that reference ds-privilege-name values.",
  "id": "GHSA-m4wx-pp34-v6v9",
  "modified": "2026-06-12T06:33:19Z",
  "published": "2026-06-12T06:33:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20746"
    },
    {
      "type": "WEB",
      "url": "https://docs.pingidentity.com/pingdirectory/11.0/release_notes/pd_release_notes.html#pingdirectory-suite-of-products-11-0-0-1-march-2026"
    },
    {
      "type": "WEB",
      "url": "https://support.pingidentity.com/s/article/SECADV052-Denial-of-Service-via-copying-virtual-attributes"
    },
    {
      "type": "WEB",
      "url": "https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:X/RE:M/U:Amber",
      "type": "CVSS_V4"
    }
  ]
}

CVE-2026-20746 (GCVE-0-2026-20746)

Vulnerability from cvelistv5 – Published: 2026-06-12 02:16 – Updated: 2026-06-12 13:30

Title

PingDirectory copying of virtual attributes leads to memory exhaustion

Summary

Severity

6.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:L/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/RE:M/U:Amber

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-401 - Missing release of memory after effective lifetime

Assigner

Ping Identity

References

3 references

URL	Tags
https://docs.pingidentity.com/pingdirectory/11.0/…
https://www.pingidentity.com/en/resources/downloa…
https://support.pingidentity.com/s/article/SECADV…

Impacted products

1 product

Vendor	Product	Version
Ping Identity	PingDirectory	Affected: 9.3.0.0 , ≤ 9.3.0.8 (custom) Unknown: 10.1.0.0 , ≤ 10.1.0.5 (custom) Affected: 10.2.0.0 , ≤ 10.2.0.5 (custom) Affected: 10.3.0.0 , ≤ 10.3.0.3 (custom) Affected: 11.0.0.0 , < 11.0.0.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20746",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-12T13:30:44.116370Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-12T13:30:51.709Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PingDirectory",
          "vendor": "Ping Identity",
          "versions": [
            {
              "lessThanOrEqual": "9.3.0.8",
              "status": "affected",
              "version": "9.3.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "10.1.0.5",
              "status": "unknown",
              "version": "10.1.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "10.2.0.5",
              "status": "affected",
              "version": "10.2.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "10.3.0.3",
              "status": "affected",
              "version": "10.3.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "11.0.0.1",
              "status": "affected",
              "version": "11.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when\u0026nbsp;recent login history is enabled and copying virtual attributes that reference ds-privilege-name values."
            }
          ],
          "value": "Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when\u00a0recent login history is enabled and copying virtual attributes that reference ds-privilege-name values."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-131",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-131 Resource Leak Exposure"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "USER",
            "Safety": "PRESENT",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:L/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-401",
              "description": "CWE-401 Missing release of memory after effective lifetime",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T02:16:59.690Z",
        "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "shortName": "Ping Identity"
      },
      "references": [
        {
          "url": "https://docs.pingidentity.com/pingdirectory/11.0/release_notes/pd_release_notes.html#pingdirectory-suite-of-products-11-0-0-1-march-2026"
        },
        {
          "url": "https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html"
        },
        {
          "url": "https://support.pingidentity.com/s/article/SECADV052-Denial-of-Service-via-copying-virtual-attributes"
        }
      ],
      "source": {
        "advisory": "SECADV052",
        "defect": [
          "DS-51122"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "PingDirectory copying of virtual attributes leads to memory exhaustion",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
    "assignerShortName": "Ping Identity",
    "cveId": "CVE-2026-20746",
    "datePublished": "2026-06-12T02:16:59.690Z",
    "dateReserved": "2026-01-07T15:15:23.456Z",
    "dateUpdated": "2026-06-12T13:30:51.709Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-M4WX-PP34-V6V9

CVE-2026-20746 (GCVE-0-2026-20746)

Tags

Sightings

Nomenclature