Platform: nextjs
Component: cronmaster
Fixed in: 2.2.1
CVE-2026-34072 describes an authentication bypass vulnerability in Cr*nMaster, a cron job management UI. The middleware fails open: when validation of a malformed session cookie fails, the unauthenticated request is treated as authenticated instead of being rejected. Successful exploitation can lead to unauthorized access to protected pages and the execution of privileged Next.js Server Actions, potentially compromising the entire system. This vulnerability affects versions of Cr*nMaster prior to 2.2.0 and has been patched in that release.
The impact of this authentication bypass is significant. An attacker can use a crafted session cookie to bypass the authentication check entirely, effectively impersonating an authenticated user. This grants access to sensitive data and functionality within Cr*nMaster, including the ability to execute privileged Next.js Server Actions. Depending on what those actions are permitted to do, they could be used to modify cron jobs, read logs, or even execute arbitrary code on the underlying server. The blast radius extends to any data or systems reachable through Cr*nMaster's privileged functions. While no direct precedent exists for this specific vulnerability, the potential for unauthorized code execution puts it in the same severity class as bypasses of poorly secured API endpoints.
CVE-2026-34072 was publicly disclosed on 2026-04-01. The vulnerability's EPSS score is likely to be medium, given the ease of exploitation (a crafted cookie) and the potential impact (unauthorized code execution). No public proof-of-concept (PoC) code has been released at the time of writing, but the vulnerability's simplicity suggests that a PoC is likely to emerge. It has not been added to the CISA KEV catalog.
Exploit Status
EPSS: 0.05% (15th percentile)
CISA SSVC: (no value given)
CVSS Vector: (no value given)
The primary mitigation for CVE-2026-34072 is to upgrade Cr*nMaster to version 2.2.0 or later immediately. If upgrading is not immediately feasible because of compatibility issues or breaking changes, consider temporary workarounds. Review and strengthen the session validation logic in the Cr*nMaster middleware so that an invalid or malformed session cookie is rejected rather than accepted. Apply stricter input validation to all incoming requests to filter out potentially malicious cookie values. Consider a Web Application Firewall (WAF) to block requests with suspicious cookie patterns. Monitor Cr*nMaster logs for unusual authentication attempts or unauthorized access patterns.
Update Cr*nMaster to version 2.2.0 or higher. This version fixes the authentication bypass in the middleware, preventing unauthorized access to protected pages and unauthorized execution of Server Actions.
CVE-2026-34072 is a HIGH severity vulnerability in Cr*nMaster versions prior to 2.2.0 that allows attackers to bypass authentication with a malformed session cookie, potentially gaining unauthorized access.
You are affected if you are running Cr*nMaster version 2.2.0 or earlier. Upgrade to version 2.2.0 to mitigate the vulnerability.
The recommended fix is to upgrade Cr*nMaster to version 2.2.0 or later. If upgrading is not possible immediately, apply temporary workarounds such as strengthening session validation in the middleware and placing a WAF in front of the application.
While no active exploitation has been confirmed, the vulnerability's simplicity suggests that exploitation is possible and may occur.
Refer to the official Cr*nMaster project website and security advisories for the latest information and updates regarding CVE-2026-34072.