CVE-2026-33875

EPSS 0.07%
Veröffentlicht 27.03.2026 20:25:15
Zuletzt bearbeitet 03.04.2026 16:16:40
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update Gematik Authenticator to version 4.16.0 or greater to receive a patch. There are no known workarounds.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gematik ≫ Authenticator Version < 4.16.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.22

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	9.3	2.8	5.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

CWE-940 Improper Verification of Source of a Communication Channel

The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.

https://github.com/gematik/app-Authenticator/security/advisories/GHSA-qg87-cf56-2rmr

Vendor Advisory

https://www.machinespirits.com/advisory/f41e56/

https://nvd.nist.gov/vuln/detail/CVE-2026-33875

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-33875

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-33875

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-33875