CVE-2026-34072 - Vulnerability Analysis
High
CVSS: 8.3
Last Updated: April 1, 2026
Cr*nMaster - Authentication Bypass
Published: April 1, 2026
Updated: April 1, 2026
Overview
Cr*nMaster (cronmaster) versions before 2.2.0 contain an authentication bypass caused by a middleware session-validation fetch failure. It lets unauthenticated attackers access protected pages and execute privileged Next.js Server Actions. Exploitation requires an invalid session cookie.
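The failure mode described above, shown as an added example that is not Cr*nMaster's own code: a gate that allows the request when session validation cannot complete, next to one that denies by default. The function names and the injected `validate` callback (standing in for the middleware's fetch) are assumptions made for illustration.

```javascript
// Added illustration with hypothetical names; not Cr*nMaster source code.
// `validate` stands in for the middleware's fetch to a session-check endpoint:
// it resolves to { valid: boolean } or rejects when the call itself fails.

// Fail-open pattern: an error during validation falls through to "allow".
async function failOpenGate(cookie, validate) {
  if (!cookie) return "redirect-to-login";
  try {
    const res = await validate(cookie);
    if (!res.valid) return "redirect-to-login";
  } catch (err) {
    // Validation could not complete, yet the request continues.
  }
  return "allow";
}

// Fail-closed pattern: only an explicit, well-formed "valid" result allows.
async function failClosedGate(cookie, validate) {
  if (!cookie) return "redirect-to-login";
  try {
    const res = await validate(cookie);
    if (res && res.valid === true) return "allow";
  } catch (err) {
    // Deny on error; this is also the place to log validation outages.
  }
  return "redirect-to-login";
}

// Constructed validators covering the three outcomes worth testing.
const okValidator = async () => ({ valid: true });
const rejectValidator = async () => ({ valid: false });
const brokenValidator = async () => { throw new Error("fetch failed"); };

// Runs both gates against every validator and returns the decisions.
async function compareGates() {
  const cases = { ok: okValidator, rejected: rejectValidator, broken: brokenValidator };
  const out = {};
  for (const [name, v] of Object.entries(cases)) {
    out[name] = {
      failOpen: await failOpenGate("constructed-cookie", v),
      failClosed: await failClosedGate("constructed-cookie", v),
    };
  }
  return out;
}

compareGates().then((r) => console.log(JSON.stringify(r, null, 2)));
```

The two gates differ only in the `broken` case, so a regression test for this class of bug has to make the validation call itself fail rather than return a rejection. Next.js Server Actions are reachable as ordinary POST endpoints, so they should also verify the session themselves instead of relying on middleware alone.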
Severity & Score
Severity: High
CVSS Score: 8.3
Impact
Unauthenticated attackers can access protected pages and execute privileged server actions, leading to unauthorized access and potential system compromise.
Mitigation
Update to version 2.2.0 or later.
Details
- CVE ID: CVE-2026-34072
- Severity: High
- CVSS Score: 8.3
- Type: broken_authentication
- Status: new
CWE
- CWE-287
CVSS Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L