{"cve":{"cve_id":"CVE-2026-20746","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00278,"epss_percentile":0.19348,"epss_as_of":"2026-06-23","description":"Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when recent login history is enabled and copying virtual attributes that reference ds-privilege-name values.","published_at":"2026-06-12T02:16:59.690000Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":6.3,"cvss_v4_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:L/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/RE:M/U:Amber","cvss_v4_severity":"MEDIUM","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-401"],"nvd_references":["https://docs.pingidentity.com/pingdirectory/11.0/release_notes/pd_release_notes.html#pingdirectory-suite-of-products-11-0-0-1-march-2026","https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html","https://support.pingidentity.com/s/article/SECADV052-Denial-of-Service-via-copying-virtual-attributes"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:29:03.683606Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"N","value_label":"None"},{"metric":"PR","name":"Privileges Required","value":"H","value_label":"High"},{"metric":"UI","name":"User Interaction","value":"P","value_label":"Passive"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"N","value_label":"None"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"N","value_label":"None"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"L","value_label":"Low"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"H","value_label":"High"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"H","value_label":"High"},{"metric":"SA","name":"Availability (Subsequent System)","value":"H","value_label":"High"},{"metric":"S","name":"Scope","value":"P","value_label":"Physical"},{"metric":"AU","name":"AU","value":"Y","value_label":"Y"},{"metric":"R","name":"R","value":"U","value_label":"Unchanged"},{"metric":"RE","name":"RE","value":"M","value_label":"M"},{"metric":"U","name":"U","value":"Amber","value_label":"Amber"}]},"affected":[{"vendor_slug":"ping-identity","vendor_name":"Ping Identity","product_slug":"pingdirectory","product_name":"PingDirectory","version_start":"9.3.0.0","version_start_inclusive":true,"version_end":"9.3.0.8","version_end_inclusive":true,"cpe23_uri":"cve5:ping-identity:pingdirectory:9.3.0.0:9.3.0.8"},{"vendor_slug":"ping-identity","vendor_name":"Ping Identity","product_slug":"pingdirectory","product_name":"PingDirectory","version_start":"10.1.0.0","version_start_inclusive":true,"version_end":"10.1.0.5","version_end_inclusive":true,"cpe23_uri":"cve5:ping-identity:pingdirectory:10.1.0.0:10.1.0.5"},{"vendor_slug":"ping-identity","vendor_name":"Ping Identity","product_slug":"pingdirectory","product_name":"PingDirectory","version_start":"10.2.0.0","version_start_inclusive":true,"version_end":"10.2.0.5","version_end_inclusive":true,"cpe23_uri":"cve5:ping-identity:pingdirectory:10.2.0.0:10.2.0.5"},{"vendor_slug":"ping-identity","vendor_name":"Ping Identity","product_slug":"pingdirectory","product_name":"PingDirectory","version_start":"10.3.0.0","version_start_inclusive":true,"version_end":"10.3.0.3","version_end_inclusive":true,"cpe23_uri":"cve5:ping-identity:pingdirectory:10.3.0.0:10.3.0.3"},{"vendor_slug":"ping-identity","vendor_name":"Ping Identity","product_slug":"pingdirectory","product_name":"PingDirectory","version_start":"11.0.0.0","version_start_inclusive":true,"version_end":"11.0.0.1","version_end_inclusive":false,"cpe23_uri":"cve5:ping-identity:pingdirectory:11.0.0.0:11.0.0.1"}],"exploit_refs":[],"news":[],"references":[{"url":"https://docs.pingidentity.com/pingdirectory/11.0/release_notes/pd_release_notes.html#pingdirectory-suite-of-products-11-0-0-1-march-2026","source_type":"MISC","tags":[]},{"url":"https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html","source_type":"MISC","tags":[]},{"url":"https://support.pingidentity.com/s/article/SECADV052-Denial-of-Service-via-copying-virtual-attributes","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2026-06-12T02:16:59.690000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:50:54.673227Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:50:54.673227Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:50:54.673227Z","label":"CVSS score revised","source":"cvelistv5"}]}