Gematik Authenticator Authentication Flow Hijacking Vulnerability

Vulnerability

A vulnerability allowing authentication flow hijacking has been identified in Gematik Authenticator versions prior to 4.16.0. This issue could enable attackers to authenticate as victim users who engage with a malicious deep link.

Impact

Exploitation of this vulnerability could lead to unauthorized authentication, allowing attackers to impersonate users.

Remediation

Users are advised to update Gematik Authenticator to version 4.16.0 or greater. The updated version can be downloaded from the GitHub releases page or via the app store. Depending on the configuration, the authenticator may update automatically. To check the current version, open the application and look at the bottom right corner of the window.

Added: Mar 27, 2026, 9:33 PM
Updated: Mar 27, 2026, 9:33 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.3
exploitability: 6.2
remediation: 0.0
relevance: 4.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.