Description

Unexpected authentication form rendering in HTML Form Adapter using only non-default redirectless mode in PingFederate allows authentication attempts which may enable brute force login attacks.

PUBLISHED Reserved 2025-04-16 | Published 2025-10-27 | Updated 2025-10-27 | Assigner Ping Identity

Problem types

CWE-307 Improper Restriction of Excessive Authentication Attempts

Product status

Default status: unaffected

11.3.0 (custom) before 11.3.14: affected

12.0.0 (custom) before 12.0.10: affected

12.1.0 (custom) before 12.1.9: affected

12.2.0 (custom) before 12.2.6: affected

12.3.0 (custom) before 12.3.3: affected

References

support.pingidentity.com/...e-rendering-in-redirectless-mode

www.pingidentity.com/...esources/downloads/pingfederate.html

cve.org (CVE-2025-26862)

nvd.nist.gov (CVE-2025-26862)
