CVE-2025-26862

Published: Oct 27, 2025

Modified: Oct 27, 2025

PUBLISHED

Description

Unexpected authentication form rendering in HTML Form Adapter using only non-default redirectless mode in PingFederate allows authentication attempts which may enable brute force login attacks.

Vendor	Product	Versions
Ping Identity	PingFederate	affected `11.3.0 - < 11.3.14` affected `12.0.0 - < 12.0.10` affected `12.1.0 - < 12.1.9` affected `12.2.0 - < 12.2.6` affected `12.3.0 - < 12.3.3`

Weaknesses (CWE)

CWE-307

References

https://support.pingidentity.com/s/article/PingFederate-unexpected-template-rendering-in-redirectless-mode

https://www.pingidentity.com/en/resources/downloads/pingfederate.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-26862

Description

Affected Products

Weaknesses (CWE)

References