CVE-2026-33875CRITICAL 9.3EPSS p17.6%

CVE-2026-33875CVE-2026-33875

Description

Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update Gematik Authenticator to version 4.16.0 or greater to receive a patch. There are no known workarounds.

Scoring

CVSS 3.19.3 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
EPSS0.27% probability of exploitation · percentile 17.6% · 2026-06-19T12:03:05Z
Published2026-03-27
Last modified2026-04-03

Underlying weaknesses· 1

CWE-940

References

  1. https://github.com/gematik/app-Authenticator/security/advisories/GHSA-qg87-cf56-2rmr
  2. https://www.machinespirits.com/advisory/f41e56/

1

TypeTargetConfidenceTier
WeaknessImproper Verification of Source of a Communication Channelcwe-9400%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-37982
CVE
CVE-2026-28536
CVE
CVE-2025-35030
CVE
CVE-2026-49443
CVE
CVE-2025-28242
CVE
CVE-2026-23899
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.