CVE-2026-34072
Analyzed Analyzed - Analysis Complete
Authentication Bypass in CronMaster Middleware Enables Unauthorized Access

Publication date: 2026-04-01

Last updated on: 2026-06-02

Assigner: GitHub, Inc.

Description
Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, live logging and log history for cronjobs. Prior to version 2.2.0, an authentication bypass in middleware allows unauthenticated requests with an invalid session cookie to be treated as authenticated when the middleware’s session-validation fetch fails. This can result in unauthorized access to protected pages and unauthorized execution of privileged Next.js Server Actions. This issue has been patched in version 2.2.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-01
Last Modified
2026-06-02
Generated
2026-06-16
AI Q&A
2026-04-01
EPSS Evaluated
2026-06-14
NVD
CVE-2026-34072
EUVD
EUVD-2026-17971
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
fccview cronmaster to 2.2.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-693 The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-34072 is a high-severity authentication bypass vulnerability in the middleware of the cronmaster package prior to version 2.2.0.

The issue occurs because the middleware relies solely on the presence of a session cookie and attempts to validate it by internally fetching a session-check endpoint. If this internal fetch fails due to network or header conditions, the middleware incorrectly treats the request as authenticated instead of denying access.

This flaw allows unauthenticated attackers to gain unauthorized access to protected pages and execute privileged server-side actions in Next.js without valid credentials.

Impact Analysis

This vulnerability can lead to unauthorized access to protected resources and privileged server-side actions.

  • Attackers can bypass authentication and access pages that should be restricted.
  • Privileged Next.js Server Actions can be executed without proper authorization.
  • There is a potential for sensitive data exposure through unauthorized functionality.

The attack requires network access to the application and the ability to trigger session-check failures, but no user interaction or privileges are needed.

Detection Guidance

Detection of this vulnerability involves identifying unauthorized access attempts where unauthenticated requests with invalid or manipulated session cookies are treated as authenticated due to middleware session-validation failures.

Specifically, monitoring logs for requests that trigger exceptions in the internal session-check fetch to `/api/auth/check-session` endpoint can help detect exploitation attempts.

Since the middleware fails open on session-check fetch failures, commands that inspect server logs for errors or exceptions related to this endpoint or unusual access patterns to protected pages without valid authentication can be useful.

However, no explicit detection commands are provided in the available resources.

Mitigation Strategies

The immediate mitigation step is to upgrade the cronmaster package to version 2.2.0 or later, where this authentication bypass vulnerability has been patched.

This update addresses the improper error handling in middleware session validation that allowed unauthenticated access.

Additionally, restricting network access to the application to trusted users and monitoring for unusual access patterns can help reduce risk until the update is applied.

Compliance Impact

CVE-2026-34072 is a high-severity authentication bypass vulnerability that allows unauthorized access to protected pages and privileged server actions, potentially leading to unauthorized data exposure.

Such unauthorized access and potential data exposure can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict access controls and protection of sensitive data.

Failure to properly authenticate users and protect sensitive information could result in violations of these regulations, leading to legal and financial consequences.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34072. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart