PT-2026-29569 · Unknown · Cronmaster

Qiaonpc · Published 2026-04-01 · Updated 2026-04-02 · CVE-2026-34072

CVSS v3.1

9.8 Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cr*nMaster versions prior to 2.2.0

Description

Cr*nMaster is a Cronjob management UI. Prior to version 2.2.0, an authentication bypass exists in the middleware. When the middleware’s session-validation fetch fails, unauthenticated requests with an invalid session cookie are incorrectly treated as authenticated. This can lead to unauthorized access to protected pages and the unauthorized execution of privileged Next.js Server Actions.

Recommendations

Update to version 2.2.0 or later.
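
The fail-open pattern named in the description, next to a fail-closed version, as an added example that is not Cr*nMaster's code. It is a simplified model of a session-checking middleware; every name in it (`checkFailOpen`, `checkFailClosed`, the validators, the paths) is a hypothetical stand-in.

```javascript
// Added example: simplified model of a session-checking middleware.
// All names here are hypothetical and not taken from Cr*nMaster.

const PUBLIC_PATHS = new Set(["/login"]);

// Fail-open: an error from the validation call is swallowed, so the request
// falls through to "allow". This is the class of bug the advisory describes.
async function checkFailOpen(req, validate) {
  if (PUBLIC_PATHS.has(req.path)) return "allow";
  if (!req.sessionCookie) return "redirect:/login";
  try {
    const valid = await validate(req.sessionCookie);
    if (!valid) return "redirect:/login";
  } catch (err) {
    // Validation backend unreachable: the error is ignored.
  }
  return "allow";
}

// Fail-closed: only an explicit positive answer grants access.
async function checkFailClosed(req, validate) {
  if (PUBLIC_PATHS.has(req.path)) return "allow";
  if (!req.sessionCookie) return "redirect:/login";
  let valid = false;
  try {
    valid = (await validate(req.sessionCookie)) === true;
  } catch (err) {
    valid = false; // an outage is treated as "not authenticated"
  }
  return valid ? "allow" : "redirect:/login";
}

// Constructed validators standing in for the session-validation fetch.
const KNOWN_SESSIONS = new Set(["good-session"]);
const validatorUp = async (id) => KNOWN_SESSIONS.has(id);
const validatorDown = async () => { throw new Error("fetch failed"); };

// Runs one request with an invalid cookie through all four combinations.
async function demo() {
  const req = { path: "/", sessionCookie: "not-a-real-session" };
  return {
    openUp: await checkFailOpen(req, validatorUp),
    openDown: await checkFailOpen(req, validatorDown),
    closedUp: await checkFailClosed(req, validatorUp),
    closedDown: await checkFailClosed(req, validatorDown),
  };
}
demo().then((result) => console.log(result));
```

A regression test for this class of bug runs the middleware with the validation backend unavailable and asserts that protected routes are still refused.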

Fix

Missing Authentication

Protection Mechanism Failure

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2026-34072

Affected Products

Cronmaster