{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33875", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-24T15:10:05.679Z", "datePublished": "2026-03-27T20:25:15.850Z", "dateUpdated": "2026-03-30T18:57:32.634Z"}, "containers": {"cna": {"title": "Authenticator Vulnerable to Authentication Flow Hijack", "problemTypes": [{"descriptions": [{"cweId": "CWE-940", "lang": "en", "description": "CWE-940: Improper Verification of Source of a Communication Channel", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/gematik/app-Authenticator/security/advisories/GHSA-qg87-cf56-2rmr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/gematik/app-Authenticator/security/advisories/GHSA-qg87-cf56-2rmr"}], "affected": [{"vendor": "gematik", "product": "app-Authenticator", "versions": [{"version": "< 4.16.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-27T20:25:15.850Z"}, "descriptions": [{"lang": "en", "value": "Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update Gematik Authenticator to version 4.16.0 or greater to receive a patch. There are no known workarounds."}], "source": {"advisory": "GHSA-qg87-cf56-2rmr", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T18:57:25.759977Z", "id": "CVE-2026-33875", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T18:57:32.634Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33875", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-24T15:10:05.679Z", "datePublished": "2026-03-27T20:25:15.850Z", "dateUpdated": "2026-03-30T18:57:32.634Z"}, "containers": {"cna": {"title": "Authenticator Vulnerable to Authentication Flow Hijack", "problemTypes": [{"descriptions": [{"cweId": "CWE-940", "lang": "en", "description": "CWE-940: Improper Verification of Source of a Communication Channel", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/gematik/app-Authenticator/security/advisories/GHSA-qg87-cf56-2rmr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/gematik/app-Authenticator/security/advisories/GHSA-qg87-cf56-2rmr"}], "affected": [{"vendor": "gematik", "product": "app-Authenticator", "versions": [{"version": "< 4.16.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-27T20:25:15.850Z"}, "descriptions": [{"lang": "en", "value": "Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update Gematik Authenticator to version 4.16.0 or greater to receive a patch. There are no known workarounds."}], "source": {"advisory": "GHSA-qg87-cf56-2rmr", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33875", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-30T18:57:25.759977Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T18:57:29.436Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gematik:authenticator:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6F3F2CC-8AAB-467C-A2CB-D8D994FB4195", "versionEndExcluding": "4.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update Gematik Authenticator to version 4.16.0 or greater to receive a patch. There are no known workarounds."}], "id": "CVE-2026-33875", "lastModified": "2026-04-01T13:41:42.687", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.8, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-27T21:17:24.377", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/gematik/app-Authenticator/security/advisories/GHSA-qg87-cf56-2rmr"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-940"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.16.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "app-Authenticator", "source": "cna", "vendor": "gematik"}, "product": "app-authenticator", "vendor": "gematik"}], "analysis": {"en": {"generated_at": "2026-03-28T06:00:49.802635+00:00", "value": {"mitigation_remediation": ["Update Gematik Authenticator to version 4.16.0 or later"], "summary": {"action": "Immediate Patch", "impact": "Unauthorized Access"}, "threat_synthesis": {"affected_systems": "All users of Gematik Authenticator with versions before 4.16.0 are affected. The product in question is the Gematik Authenticator, bundled with digital health services that rely on its secure authentication mechanism.", "description_and_impact": "Gematik Authenticator is used to authenticate users for digital health applications. The vulnerability allows an attacker to hijack the authentication flow by causing the user to open a malicious deep link. Once the victim follows the link, the attacker can authenticate themselves as the victim, effectively gaining unauthorized access to the victim\u2019s account. The weakness is classified as CWE-940, reflecting a user authentication bypass.", "risk_and_exploitability": "The CVSS score of 9.3 indicates a high severity, and although no EPSS score is available, the lack of a KEV listing does not reduce the risk\u2014this is a known flaw that can be exploited via social engineering. An attacker only needs to craft a malicious deep link and convince\u2014or trick\u2014a victim to open it, making the exploit straightforward under the right conditions."}}}}, "created": "2026-03-29T20:30:10.957077+00:00", "updated": "2026-03-30T07:00:29.402144+00:00", "vendors": ["gematik", "gematik$PRODUCT$app-authenticator"]}