PT-2026-28546 · Unknown · Gematik Authenticator

Dr. Simon Weber

Published

2026-03-27

Updated

2026-03-29

CVE-2026-33875

CVSS v3.1

9.3

Critical

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Gematik Authenticator versions prior to 4.16.0

Description Gematik Authenticator is used to securely authenticate users for login to digital health applications. Versions prior to 4.16.0 are susceptible to authentication flow hijacking. An attacker could potentially authenticate as a victim user if the user clicks on a malicious deep link.

Recommendations Update Gematik Authenticator to version 4.16.0 or greater.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-940

Related Identifiers

CVE-2026-33875

GHSA-QG87-CF56-2RMR

Affected Products

Gematik Authenticator

PT-2026-28546 · Unknown · Gematik Authenticator

CVE-2026-33875

Weakness Enumeration

Related Identifiers

Affected Products

References · 10