Question 1

What is CVE-2026-20746 — CVE-2026-20746?

Accepted Answer

Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when recent login history is enabled and copying virtual attributes that reference ds-privilege-name values.

Question 2

What is the authoritative source for CVE-2026-20746?

Accepted Answer

CVE-2026-20746 (CVE-2026-20746) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

EPSS	0.28% probability of exploitation · percentile 19.3% · 2026-06-19T12:03:05Z
Last modified	2026-06-12

CVE-2026-20746CVE-2026-20746

Description

Scoring