Platform: android
Component: app-authenticator
Fixed in: 4.16.1
CVE-2026-33875 describes an authentication flow hijacking vulnerability in Gematik Authenticator, a secure authentication application for digital health services. This flaw allows attackers to potentially authenticate as legitimate users by exploiting malicious deep links. Versions of Gematik Authenticator prior to 4.16.0 are affected, and a patch is available in version 4.16.0.
The impact of this vulnerability is severe. An attacker can craft a malicious deep link that, when clicked by a victim, allows the attacker to authenticate as that user. This grants the attacker access to any applications or services protected by Gematik Authenticator, potentially exposing sensitive health data, financial information, or enabling unauthorized actions within healthcare systems. The attacker essentially steals the victim's identity within the authentication context. This is particularly concerning given the sensitive nature of healthcare applications and the potential for widespread impact if exploited.
CVE-2026-33875 was publicly disclosed on 2026-03-27. There is currently no indication of active exploitation or a KEV listing. The availability of a public proof-of-concept is unknown at this time, but the vulnerability's ease of exploitation via deep links suggests a potential for rapid exploitation if a PoC is released. The CRITICAL CVSS score highlights the urgency of patching.
Exploit Status
EPSS: 0.06% (18% percentile)
The primary mitigation for CVE-2026-33875 is to immediately update Gematik Authenticator to version 4.16.0 or greater. Due to the nature of the vulnerability, there are no known workarounds beyond upgrading. Users should be educated about the risks of clicking on untrusted deep links and should verify the source of any link before clicking it. Administrators of healthcare systems using Gematik Authenticator should proactively monitor for suspicious authentication activity and consider implementing multi-factor authentication where possible as an additional layer of security.
Update Gematik Authenticator to version 4.16.0 or greater to receive the security patch. No known workarounds exist.
CVE-2026-33875 is a CRITICAL vulnerability affecting Gematik Authenticator versions prior to 4.16.0, allowing attackers to hijack authentication flows via malicious deep links.
You are affected if you are using Gematik Authenticator version 4.16.0 or earlier. Immediately update to the latest version.
Update Gematik Authenticator to version 4.16.0 or greater. There are no known workarounds.
There is currently no indication of active exploitation, but the vulnerability's severity warrants immediate action.
Refer to the official Gematik security advisory for details and updates: [https://www.gematik.de/security-advisories/](https://www.gematik.de/security-advisories/)