Authentication Vulnerability in PingFederate's HTML Form Adapter
CVE-2025-26862

NONE

Key Information:

Vendor: Ping Identity
Status: Pingfederate
Vendor: CVE Published:; 27 October 2025

🔔 Create Ping Identity Vulnerability Alert

What is CVE-2025-26862?

A security flaw in PingFederate's HTML Form Adapter enables unexpected rendering of authentication forms in redirectless mode. This issue can potentially be exploited, allowing attackers to conduct brute force login attempts. Organizations utilizing affected versions of PingFederate should take immediate action to review their implementations and mitigate the risks associated with this vulnerability.

Affected Version(s)

PingFederate 11.3.0 < 11.3.14

PingFederate 12.0.0 < 12.0.10

PingFederate 12.1.0 < 12.1.9

References

https://support.pingidentity.com/s/article/PingFederate-u...

https://www.pingidentity.com/en/resources/downloads/pingf...

CVSS V4

Score:

Severity:

NONE

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 27, 2025
Vulnerability Reserved
Apr 16, 2025

JSON