{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33875", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-24T15:10:05.679Z", "datePublished": "2026-03-27T20:25:15.850Z", "dateUpdated": "2026-04-03T15:21:15.316Z"}, "containers": {"cna": {"title": "Authenticator Vulnerable to Authentication Flow Hijack", "problemTypes": [{"descriptions": [{"cweId": "CWE-940", "lang": "en", "description": "CWE-940: Improper Verification of Source of a Communication Channel", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/gematik/app-Authenticator/security/advisories/GHSA-qg87-cf56-2rmr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/gematik/app-Authenticator/security/advisories/GHSA-qg87-cf56-2rmr"}], "affected": [{"vendor": "gematik", "product": "app-Authenticator", "versions": [{"version": "< 4.16.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-27T20:25:15.850Z"}, "descriptions": [{"lang": "en", "value": "Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update Gematik Authenticator to version 4.16.0 or greater to receive a patch. There are no known workarounds."}], "source": {"advisory": "GHSA-qg87-cf56-2rmr", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T18:57:25.759977Z", "id": "CVE-2026-33875", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T18:57:32.634Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-03T15:21:15.316Z"}, "references": [{"url": "https://www.machinespirits.com/advisory/f41e56/"}], "title": "CVE Program Container", "x_generator": {"engine": "ADPogram 0.0.1"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.machinespirits.com/advisory/f41e56/"}], "x_generator": {"engine": "ADPogram 0.0.1"}, "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-03T15:21:15.316Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33875", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-30T18:57:25.759977Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T18:57:29.436Z"}}], "cna": {"title": "Authenticator Vulnerable to Authentication Flow Hijack", "source": {"advisory": "GHSA-qg87-cf56-2rmr", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "gematik", "product": "app-Authenticator", "versions": [{"status": "affected", "version": "< 4.16.0"}]}], "references": [{"url": "https://github.com/gematik/app-Authenticator/security/advisories/GHSA-qg87-cf56-2rmr", "name": "https://github.com/gematik/app-Authenticator/security/advisories/GHSA-qg87-cf56-2rmr", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update Gematik Authenticator to version 4.16.0 or greater to receive a patch. There are no known workarounds."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-940", "description": "CWE-940: Improper Verification of Source of a Communication Channel"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-27T20:25:15.850Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33875", "state": "PUBLISHED", "dateUpdated": "2026-04-03T15:21:15.316Z", "dateReserved": "2026-03-24T15:10:05.679Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-27T20:25:15.850Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gematik:authenticator:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6F3F2CC-8AAB-467C-A2CB-D8D994FB4195", "versionEndExcluding": "4.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update Gematik Authenticator to version 4.16.0 or greater to receive a patch. There are no known workarounds."}], "id": "CVE-2026-33875", "lastModified": "2026-04-03T16:16:40.093", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.8, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-27T21:17:24.377", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/gematik/app-Authenticator/security/advisories/GHSA-qg87-cf56-2rmr"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.machinespirits.com/advisory/f41e56/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-940"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.16.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "app-Authenticator", "source": "cna", "vendor": "gematik"}, "product": "app-authenticator", "vendor": "gematik"}], "analysis": {"en": {"generated_at": "2026-04-02T04:10:03.550532+00:00", "value": {"mitigation_remediation": ["Update Gematik Authenticator to version 4.16.0 or later as the official fix.", "Verify that the updated authenticator is correctly deployed and configured in all digital health applications.", "Monitor authentication logs for suspicious or repeated login attempts that may indicate exploitation.", "Educate users to be cautious of unexpected deep links or messages that prompt them to authenticate."], "summary": {"action": "Immediate Patch", "impact": "Authentication Spoofing"}, "threat_synthesis": {"affected_systems": "Gematik Authenticator (app-Authenticator) for all versions prior to 4.16.0. The vulnerability affects the authentication process used by digital health applications that rely on this authenticator.", "description_and_impact": "Gematik Authenticator versions earlier than 4.16.0 allow an attacker to hijack the authentication flow through a malicious deep link, enabling the attacker to log in as the victim user. This leads to identity impersonation and unauthorized access to digital health applications, compromising user confidentiality and integrity. The weakness is identified as CWE\u2011940.", "risk_and_exploitability": "The flaw carries a CVSS score of 9.3, indicating high severity, but the EPSS score is below 1% and it is not listed in CISA's KEV catalog, suggesting exploitation is unlikely in the near term. The attack vector appears to require the victim to click a malicious deep link, so it is a user\u2011interaction attack that can be staged through phishing. Because of the high impact and the low probability but potential for exploitation, organization should address it promptly."}}}}, "created": "2026-03-29T20:30:10.957077+00:00", "updated": "2026-04-02T07:55:23.296600+00:00", "vendors": ["gematik", "gematik$PRODUCT$app-authenticator"]}