Vendor
CVE-2026-38968 affects ntopng versions up to 6.6, enabling session hijacking through predictable session identifiers generated with weak time-seeded pseudo-randomness in `src/HTTPserver.cpp`, allowing attackers to gain unauthorized access to legitimate user sessions.