CVE-2026-38968

Publication date 3 July 2026

Last updated 4 July 2026


Ubuntu priority

Description

ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding session cookies under attacker-controlled timing.

Status

Package Ubuntu Release Status
ntopng 26.04 LTS resolute Not in release
25.10 questing
Needs evaluation
24.04 LTS noble
Needs evaluation
22.04 LTS jammy
Needs evaluation
20.04 LTS focal
Needs evaluation
18.04 LTS bionic
Needs evaluation


Access our resources on patching vulnerabilities