Executive Summary

CVE-2026-33874 is a high-severity remote code execution vulnerability affecting the Mac OS version of the gematik app-Authenticator, specifically in versions 4.12.0 up to but not including 4.16.0.

The vulnerability is triggered when a user opens a malicious file, which allows an attacker to execute arbitrary code remotely on the affected system.

The root cause is an OS Command Injection (CWE-78), where the application improperly neutralizes special characters in externally influenced input used to construct OS commands, enabling the attacker to inject and execute commands.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have severe impacts including unauthorized remote code execution on your Mac OS device running the gematik app-Authenticator.

• An attacker can execute arbitrary commands, potentially compromising the confidentiality, integrity, and availability of your system.
• Since no privileges are required and only user interaction (opening a malicious file) is needed, the risk of exploitation is significant.
• This could lead to data theft, system manipulation, or denial of service.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability affects the Mac OS version of the gematik Authenticator specifically in versions 4.12.0 up to but not including 4.16.0.

To detect if your system is vulnerable, you should verify the version of the gematik Authenticator installed on your Mac OS device.

The current version can be checked within the application interface itself.

There are no specific network detection commands or signatures mentioned for this vulnerability.

Since the vulnerability is triggered by opening a malicious file locally, network detection is limited.

No commands for scanning or detection are provided in the available resources.

Useful 0 Not Useful 0

Mitigation Strategies

The only effective mitigation is to update the gematik Authenticator to version 4.16.0 or later, which contains the patch for this vulnerability.

There are no known workarounds or alternative mitigations.

Users should obtain the update via official app stores or directly from the GitHub releases page.

• Check the current version of gematik Authenticator installed.
• If the version is between 4.12.0 and before 4.16.0, update immediately to 4.16.0 or later.
• Avoid opening any suspicious or untrusted files with the gematik Authenticator until updated.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows remote code execution with high impact on confidentiality, integrity, and availability, which could lead to unauthorized access or manipulation of sensitive data.

Such a security flaw in a digital health application authenticator could potentially compromise compliance with standards and regulations like GDPR and HIPAA, which require protection of personal and health data against unauthorized access and breaches.

However, the provided information does not explicitly state the direct effects on compliance with these regulations.

Useful 0 Not Useful 0