CVE-2026-33875 — CRITICAL (9.3)

Q: How severe is CVE-2026-33875?

CVE-2026-33875 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2026-33875?

Check the references section above for vendor advisories and patch information. Affected products include: Gematik Authenticator.

Vulnerability Description

Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update Gematik Authenticator to version 4.16.0 or greater to receive a patch. There are no known workarounds.

CVSS Score

9.3

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Gematik	Authenticator	< 4.16.0

Related Weaknesses (CWE)

CWE-940

References

FAQ

What is CVE-2026-33875?

CVE-2026-33875 is a vulnerability with a CVSS score of 9.3 (CRITICAL). Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to...

How severe is CVE-2026-33875?

CVE-2026-33875 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2026-33875?

Check the references section above for vendor advisories and patch information. Affected products include: Gematik Authenticator.