LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-33875

CVE-2026-33875 - Vulnerability Analysis

CriticalCVSS: 9.3

Last Updated: March 27, 2026

Gematik Authenticator - Authentication Bypass

Published: March 27, 2026Updated: March 27, 2026Remote Exploitable

Overview

Gematik Authenticator < 4.16.0 contains an authentication bypass caused by authentication flow hijacking via malicious deep links, letting attackers authenticate as victim users, exploit requires victim user interaction.

Severity & Score

Severity: Critical
CVSS Score: 9.3
EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Attackers can authenticate as victim users, potentially gaining unauthorized access to their accounts.

Mitigation

Update to version 4.16.0 or later.

References

Social Media Activity(4 posts)

TheHackerWire
TheHackerWire
@thehackerwire
Mar 27, 2026

šŸ”“ CVE-2026-33875 - Critical (9.3) Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim use... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-33875/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 27, 2026

šŸ”“ CVE-2026-33875 - Critical (9.3) Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim use... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-33875/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 27, 2026

šŸ”“ CVE-2026-33875 - Critical (9.3) Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim use... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-33875/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 27, 2026

šŸ”“ CVE-2026-33875 - Critical (9.3) Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim use... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-33875/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID
CVE-2026-33875
Severity
Critical
CVSS Score
9.3
Type
broken_authentication
Status
new
EPSS
0.0%
Social Posts
4

CWE

  • CWE-940

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

EPSS Score

0.0%Probability of exploitation in the next 30 days