CVE-2026-33874
Remote Code Execution in Gematik Authenticator macOS (v
Publication date: 2026-03-27
Last updated on: 2026-04-21
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gematik | authenticator | From 4.12.0 (inc) to 4.16.0 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-33874 is a high-severity remote code execution vulnerability affecting the macOS version of the gematik app-Authenticator, specifically versions 4.12.0 up to but not including 4.16.0.
The vulnerability is triggered when a user opens a malicious file, which allows an attacker to execute arbitrary code remotely on the affected system.
The root cause is an OS Command Injection (CWE-78), where the application improperly neutralizes special characters in externally influenced input used to construct OS commands, enabling the attacker to inject and execute commands.
How can this vulnerability impact me?
This vulnerability can have severe impacts, including unauthorized remote code execution on your macOS device running the gematik app-Authenticator.
- An attacker can execute arbitrary commands, potentially compromising the confidentiality, integrity, and availability of your system.
- Since no privileges are required and only user interaction (opening a malicious file) is needed, the risk of exploitation is significant.
- This could lead to data theft, system manipulation, or denial of service.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects the macOS version of the gematik Authenticator, specifically versions 4.12.0 up to but not including 4.16.0.
To detect if your system is vulnerable, you should verify the version of the gematik Authenticator installed on your macOS device.
The current version can be checked within the application interface itself.
There are no specific network detection commands or signatures mentioned for this vulnerability.
Since the vulnerability is triggered by opening a malicious file locally, network detection is limited.
No commands for scanning or detection are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The only effective mitigation is to update the gematik Authenticator to version 4.16.0 or later, which contains the patch for this vulnerability.
There are no known workarounds or alternative mitigations.
Users should obtain the update via official app stores or directly from the GitHub releases page.
- Check the current version of gematik Authenticator installed.
- If the version is 4.12.0 or later but earlier than 4.16.0, update immediately to 4.16.0 or later.
- Avoid opening any suspicious or untrusted files with the gematik Authenticator until updated.
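The version check from the steps above, as an added example (not code from gematik or from the advisory): it classifies a version string against the affected range given on this page and, on macOS, reads the version from an app bundle passed as an argument. The bundle path and the assumption that the bundle's `CFBundleShortVersionString` matches the release version are assumptions, since the page gives neither.

```shell
#!/bin/sh
# Added example: triage gematik Authenticator installs against the affected
# range stated on this page: 4.12.0 (inclusive) to 4.16.0 (exclusive).

# classify_version VERSION -> prints affected | not-affected | unknown
# Compares numerically per component, so 4.9.0 sorts below 4.12.0.
# Anything that is not plain MAJOR.MINOR.PATCH (pre-release tags, empty
# output from a failed read) is reported as unknown for manual review.
classify_version() {
    printf '%s\n' "$1" | awk -F. '
        $0 !~ /^[0-9]+\.[0-9]+\.[0-9]+$/ { print "unknown"; exit }
        {
            # Assumes each component is below 1000.
            v  = $1 * 1000000 + $2 * 1000 + $3
            lo = 4 * 1000000 + 12 * 1000    # 4.12.0, first affected
            hi = 4 * 1000000 + 16 * 1000    # 4.16.0, first fixed
            r  = (v >= lo && v < hi) ? "affected" : "not-affected"
            print r
        }'
}

# installed_version APP_BUNDLE -> prints the bundle short version (macOS only).
# APP_BUNDLE is supplied by the caller; no install path is given on the page.
installed_version() {
    /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' \
        "$1/Contents/Info.plist" 2>/dev/null
}

# Usage on a Mac: sh check.sh "/path/to/Authenticator.app" [more bundles...]
# Prints one tab-separated line per bundle: path, version, classification.
if [ "$#" -gt 0 ]; then
    for app in "$@"; do
        v=$(installed_version "$app" || true)
        printf '%s\t%s\t%s\n' "$app" "${v:-?}" "$(classify_version "$v")"
    done
fi
```

A result of `unknown` means the version could not be read or is not a plain three-part release number, so check that install by hand in the application interface.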
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows remote code execution with high impact on confidentiality, integrity, and availability, which could lead to unauthorized access or manipulation of sensitive data.
Such a security flaw in a digital health application authenticator could potentially compromise compliance with standards and regulations like GDPR and HIPAA, which require protection of personal and health data against unauthorized access and breaches.
However, the provided information does not explicitly state the direct effects on compliance with these regulations.