CVE-2026-38968 PUBLISHED

Assigner: mitre
Reserved: 06.04.2026 Published: 02.07.2026 Updated: 02.07.2026

ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding session cookies under attacker-controlled timing.

Product Status

Vendor n/a
Product n/a
Versions
  • Version n/a is affected

References

Problem Types

  • n/a text