CVE-2026-20746 PingDirectory copying of virtual attributes leads to memory exhaustion

Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when recent login history is enabled and copying virtual attributes that reference ds-privilege-name values...

CVE-2026-20746

PingDirectory (Ping Identity) is affected; copying virtual attributes that reference ds-privilege-name values can exhaust the Java heap when recent login history is enabled. The root cause is in virtual attribute handling within affected PingDirectory versions, enabling only authorized users to t...

PT-2026-48819

Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when recent login history is enabled and copying virtual attributes that reference ds-privilege-name values...

PingDirectory security vulnerability

Ping Identity PingDirectory is a fast, scalable directory for storing identity and rich profile data from Ping Identity. A security vulnerability exists in PingDirectory. An attacker can exploit the vulnerability to elevate privileges...