CVE-2025-26862
published 2025-10-27

CVE-2025-26862: Unexpected authentication form rendering in HTML Form Adapter using only non-default redirectless mode in PingFederate allows authentication attempts which may…

Priority P4 19 low 0 CVSS 4.0
AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:L/U:Amber
EPSS: 0.34% (25.9th percentile)
Unexpected authentication form rendering in HTML Form Adapter using only non-default redirectless mode in PingFederate allows authentication attempts which may enable brute force login attacks.

Affected

5 ranges
Vendor         Product       Version range          Fixed in
ping_identity  pingfederate  >= 11.3.0 < 11.3.14    11.3.14
ping_identity  pingfederate  >= 12.0.0 < 12.0.10    12.0.10
ping_identity  pingfederate  >= 12.1.0 < 12.1.9     12.1.9
ping_identity  pingfederate  >= 12.2.0 < 12.2.6     12.2.6
ping_identity  pingfederate  >= 12.3.0 < 12.3.3     12.3.3