CVE-2026-34072 · HIGH 8.3 · EPSS p35.2%

fccview / cronmaster

Description

Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, live logging and log history for cronjobs. Prior to version 2.2.0, an authentication bypass in middleware allows unauthenticated requests with an invalid session cookie to be treated as authenticated when the middleware’s session-validation fetch fails. This can result in unauthorized access to protected pages and unauthorized execution of privileged Next.js Server Actions. This issue has been patched in version 2.2.0.

Scoring

CVSS 3.1: 8.3 (HIGH)
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
EPSS: 0.44% probability of exploitation · percentile 35.2% · 2026-06-19T12:03:05Z
Published: 2026-04-01
Last modified: 2026-06-02

Underlying weaknesses · 3

CWE-287, CWE-306, CWE-693

References

  1. https://github.com/fccview/cronmaster/releases/tag/2.2.0
  2. https://github.com/fccview/cronmaster/security/advisories/GHSA-9whh-mffv-xvh6

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Authentication (cwe-287) | 0% | live |
| Weakness | Missing Authentication for Critical Function (cwe-306) | 0% | live |
| Weakness | Protection Mechanism Failure (cwe-693) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-29927
  2. CVE-2026-44574
  3. CVE-2026-41248
  4. CVE-2026-8621
  5. CVE-2025-28062
  6. CVE-2025-64762

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.