Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, live logging and log history for cronjobs. Prior to version 2.2.0, an authenticat…

CVE-2026-34072 affects CronMaster, a cronjob management UI application. The vulnerability is an authentication bypass in middleware that allows unauthenticated requests with invalid session cookies to be treated as authenticated when session validation fails. This can lead to unauthorized access to protected pages and execution of privileged Next.js Server Actions. The issue affects versions prior to 2.2.0 and has been patched in version 2.2.0. The vulnerability represents a significant security risk as it allows complete authentication bypass.