localhost in sudoers

%admin ALL=(ALL) NOPASSWD: ALL

The host list restricts the sudo rule to hosts on which one network interface has a name or address in the list. Since every host has a loopback interface, every host should match your rule; in fact, sudo skips the loopback interface when checking host lists, so no host does match your rule; either way specifying the host as localhost is not useful.

Sudo doesn't do any network authentication: the host list is there so that you can deploy a single sudoers file on multiple machines and give users different permissions on different machines.

Cron also doesn't do any network authentication. A remote user would gain user privileges through a misconfigured or vulnerable network server or client (http, ftp, samba, nfs, snmp, ssh, …).