High severity7.8NVD Advisory· Published Mar 27, 2026· Updated Apr 21, 2026
CVE-2026-33874
CVE-2026-33874
Description
Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the Mac OS version of the Authenticator is vulnerable to remote code execution, triggered when victims open a malicious file. Update the gematik Authenticator to version 4.16.0 or greater to receive a patch. There are no known workarounds.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
11- Millions of students’ personal data stolen in major education breachMalwarebytes Labs · May 6, 2026
- From Stuxnet to ChatGPT: 20 News Events That Shaped CyberDark Reading · May 6, 2026
- Attacks Abuse Windows Phone Link to Steal Texts & Bypass 2FADark Reading · May 6, 2026
- Microsoft Flags Mass Phishing Campaign Using Fake Compliance EmailsInfosecurity Magazine · May 5, 2026
- CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPsBleepingComputer · May 5, 2026
- CloudZ RAT potentially steals OTP messages using Pheno pluginCisco Talos Intelligence · May 5, 2026
- ⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & MoreThe Hacker News · Apr 27, 2026
- Passkeys are more secure than traditional ways to log inNCSC UK · Apr 23, 2026
- Vercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party ToolInfosecurity Magazine · Apr 21, 2026
- ZDI-26-239: (Pwn2Own) QNAP QHora-322 login.newAuthMiddleware.Authenticator Authentication Bypass VulnerabilityZero Day Initiative · Mar 30, 2026
- Move fast and save things: A quick guide to recovering a hacked accountESET WeLiveSecurity · Mar 20, 2026