Skip to main content

Cronmaster

1 CVEs product

Monthly

CVE-2026-34072 HIGH This Week

Authentication bypass in CronMaster versions prior to 2.2.0 allows adjacent network attackers to gain unauthorized administrative access without credentials. When session validation requests fail, the middleware incorrectly treats invalid session cookies as authenticated, enabling execution of privileged Next.js Server Actions and access to protected administrative pages. EPSS data not available for this recent CVE; no public exploit identified at time of analysis, though exploitation complexity is low once network access is achieved.

Authentication Bypass Cronmaster
NVD GitHub VulDB
CVSS 3.1
8.3
EPSS
0.0%
EPSS 0% CVSS 8.3
HIGH This Week

Authentication bypass in CronMaster versions prior to 2.2.0 allows adjacent network attackers to gain unauthorized administrative access without credentials. When session validation requests fail, the middleware incorrectly treats invalid session cookies as authenticated, enabling execution of privileged Next.js Server Actions and access to protected administrative pages. EPSS data not available for this recent CVE; no public exploit identified at time of analysis, though exploitation complexity is low once network access is achieved.

Authentication Bypass Cronmaster
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy