Executive Summary

CVE-2026-33875 is a critical vulnerability in the gematik app-Authenticator affecting versions 4.15.2 and earlier. It is an authentication flow hijacking issue that allows attackers to impersonate victim users by exploiting malicious deep links.

When a victim clicks on a malicious deep link, the attacker can authenticate as that user without needing any privileges. This happens because the app fails to properly verify that incoming authentication requests come from a trusted source, leading to hijacking of the authentication process remotely over the network.

The vulnerability requires user interaction (clicking the link) but has low attack complexity and no privileges required. It impacts confidentiality and integrity but does not affect availability.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow attackers to authenticate as you by hijacking your authentication flow if you click on a malicious deep link.

As a result, attackers can gain unauthorized access to your digital health applications using your identity, potentially accessing or modifying sensitive personal health information.

This can lead to serious privacy breaches and misuse of your health data without your consent.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability affects gematik Authenticator versions 4.15.2 and earlier. Detection involves verifying the version of the gematik Authenticator installed on your system or devices.

Since the vulnerability is exploited via malicious deep links that hijack the authentication flow, monitoring for suspicious deep link clicks or unexpected authentication requests originating from untrusted sources could help detect exploitation attempts.

There are no specific network or system commands provided to detect this vulnerability directly.

To check the version of the gematik Authenticator app, you can verify it within the app interface or use platform-specific commands to list installed app versions, for example:

• On Android devices, use: adb shell dumpsys package de.gematik.appauthenticator | grep versionName
• On iOS devices, check the app version in the Settings app under the gematik Authenticator entry.

Useful 0 Not Useful 0

Mitigation Strategies

The only effective mitigation for this vulnerability is to update the gematik Authenticator app to version 4.16.0 or later, where the issue has been fixed.

There are no known workarounds or alternative mitigations available.

Users should update the app via official app stores or GitHub releases and verify the installed version to ensure the patch is applied.

Additionally, users should be cautious about clicking on deep links from untrusted or unknown sources to reduce the risk of exploitation.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows attackers to hijack the authentication flow and impersonate victim users, potentially leading to unauthorized access to sensitive personal health information.

Such unauthorized access and identity impersonation could result in violations of data protection regulations like GDPR and HIPAA, which mandate strict controls on user authentication and protection of personal health data.

However, the provided information does not explicitly discuss compliance impacts or regulatory consequences.

Useful 0 Not Useful 0