CVE-2026-34072
Published: 01 April 2026
Summary
CVE-2026-34072 is a high-severity Improper Authentication (CWE-287) vulnerability. Its CVSS base score is 8.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 26.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- IA-2 (Identification and Authentication (Organizational Users)): requires unique identification and authentication of organizational users, directly preventing authentication bypass via invalid session cookies when validation fails.
- AC-3 (Access Enforcement): enforces approved authorizations for access to protected resources in middleware, blocking unauthenticated requests that would otherwise be treated as valid when the session fetch fails.
- SI-2 (Flaw Remediation): mandates identification, reporting, and patching of flaws like the middleware authentication bypass, enabling the upgrade to the fixed version 2.2.0.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The authentication bypass in the web-based CronMaster UI directly enables initial access by allowing crafted requests to exploit the vulnerable middleware and access protected functionality without credentials, mapping to T1190 Exploit Public-Facing Application.
NVD Description
Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, live logging and log history for cronjobs. Prior to version 2.2.0, an authentication bypass in middleware allows unauthenticated requests with an invalid session cookie to be treated as authenticated when the middleware’s session-validation fetch fails. This can result in unauthorized access to protected pages and unauthorized execution of privileged Next.js Server Actions. This issue has been patched in version 2.2.0.
Deeper analysis
CVE-2026-34072 is an authentication bypass vulnerability in CronMaster (cronmaster), an open-source Cronjob management UI that provides human-readable syntax, live logging, and log history for cronjobs. In versions prior to 2.2.0, the middleware fails to properly validate sessions: when the session-validation fetch fails, it treats unauthenticated requests carrying an invalid session cookie as authenticated (a fail-open check). This issue is associated with CWE-287 (Improper Authentication), CWE-306 (Missing Authentication for Critical Function), and CWE-693 (Protection Mechanism Failure), and carries a CVSS v3.1 base score of 8.3 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L).
Attackers with adjacent network access can exploit this vulnerability without privileges or user interaction by sending crafted requests containing an invalid session cookie. If the middleware's session-validation fetch fails, the requests bypass authentication, enabling unauthorized access to protected pages and execution of privileged Next.js Server Actions. This results in high confidentiality and integrity impacts, with limited availability disruption.
The vulnerability has been addressed in CronMaster version 2.2.0. Security advisories recommend upgrading to this patched version. Additional details are available in the GitHub security advisory (GHSA-9whh-mffv-xvh6) and release notes for v2.2.0.
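The fail-open pattern behind this class of bug, shown as an added example that is not CronMaster's code: a minimal stand-in for a Next.js-style middleware that validates a session cookie through a fetch to a session endpoint. The vulnerable variant swallows a fetch error and lets the request through; the hardened variant only allows the request when validation positively succeeds. The middleware shape, the injected `validateSession` callback and the sample cookies are assumptions for the demonstration.

```javascript
// Added example, not CronMaster's code. Both middlewares take a request object
// ({ cookies: { session } }) and a hypothetical validateSession(cookie) that
// performs the session-validation fetch and resolves to true/false.

// Fail-open variant: models the bug class described in the advisory.
// A thrown fetch error is caught and ignored, so execution falls through to
// the "authenticated" path even though the cookie was never validated.
async function vulnerableMiddleware(request, validateSession) {
  const cookie = request.cookies.session;
  if (!cookie) return { action: "redirect", to: "/login" };
  try {
    const ok = await validateSession(cookie);
    if (!ok) return { action: "redirect", to: "/login" };
  } catch (err) {
    // BUG: validation failure is treated as success.
  }
  return { action: "next" };
}

// Fail-closed variant: an invalid cookie and an unreachable or failing
// validator are both treated as "not authenticated".
async function hardenedMiddleware(request, validateSession) {
  const cookie = request.cookies.session;
  if (!cookie) return { action: "redirect", to: "/login" };
  let ok = false;
  try {
    ok = await validateSession(cookie);
  } catch (err) {
    ok = false; // fetch failure denies access instead of granting it
  }
  return ok === true ? { action: "next" } : { action: "redirect", to: "/login" };
}

// Constructed validators: one that answers normally, one that simulates the
// session-validation fetch failing (e.g. the session service is down).
async function workingValidator(cookie) { return cookie === "good-session"; }
async function failingValidator() { throw new Error("ECONNREFUSED"); }

// Runs the same invalid-cookie request through both middlewares.
async function demo() {
  const bad = { cookies: { session: "invalid-cookie" } };
  const good = { cookies: { session: "good-session" } };
  return {
    vulnOnFetchFailure: (await vulnerableMiddleware(bad, failingValidator)).action,
    hardenedOnFetchFailure: (await hardenedMiddleware(bad, failingValidator)).action,
    hardenedGoodSession: (await hardenedMiddleware(good, workingValidator)).action,
    hardenedBadSession: (await hardenedMiddleware(bad, workingValidator)).action,
  };
}

demo().then((r) => console.log(r));
```

The first result is the bypass (`"next"` for an unvalidated request); the hardened middleware redirects in that case and only passes a cookie the validator actually confirms.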
Details
- CWE(s)