How to fix CVE-2026-34072?

Within 24 hours: inventory all CronMaster deployments and identify versions prior to 2.2.0; document network exposure (internal vs. internet-facing). Within 7 days: contact CronMaster vendor for patched release timeline and interim guidance; implement network segmentation to restrict CronMaster access to authorized administrators only. Within 30 days: upgrade all instances to CronMaster 2.2.0 or later once released; validate session validation middleware behavior post-upgrade through functional testing.

CVE-2026-34072

EUVD-2026-17971 HIGH

2026-04-01 GitHub_M

8.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

Lifecycle Timeline

Analysis Generated

Apr 01, 2026 - 17:30 vuln.today

EUVD ID Assigned

Apr 01, 2026 - 17:30 euvd

EUVD-2026-17971

CVE Published

Apr 01, 2026 - 16:51 nvd

HIGH 8.3

Description

Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, live logging and log history for cronjobs. Prior to version 2.2.0, an authentication bypass in middleware allows unauthenticated requests with an invalid session cookie to be treated as authenticated when the middleware’s session-validation fetch fails. This can result in unauthorized access to protected pages and unauthorized execution of privileged Next.js Server Actions. This issue has been patched in version 2.2.0.

Analysis

Authentication bypass in CronMaster versions prior to 2.2.0 allows adjacent network attackers to gain unauthorized administrative access without credentials. When session validation requests fail, the middleware incorrectly treats invalid session cookies as authenticated, enabling execution of privileged Next.js Server Actions and access to protected administrative pages. …

Remediation

Within 24 hours: inventory all CronMaster deployments and identify versions prior to 2.2.0; document network exposure (internal vs. internet-facing). …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +42

POC: 0

CVE-2026-34072 vulnerability details – vuln.today

Back

CVE-2026-34072

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-34072

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code