Description
Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the macOS version of the Authenticator is vulnerable to remote code execution, triggered when a victim opens a malicious file. Update the gematik Authenticator to version 4.16.0 or greater to receive a patch. There are no known workarounds.
References (2)
Core References
x_refsource_confirm
https://github.com/gematik/app-Authenticator/security/advisories/GHSA-mjgm-7hwc-qqcr
Vendor Advisory
https://www.machinespirits.de/advisory/2e655e/
Scores
CVSS v3
7.8
EPSS
0.0028
EPSS Percentile
19.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (2)
gematik/app-Authenticator
>= 4.12.0, < 4.16.0
gematik/authenticator
4.12.0 - 4.16.0
Published
Mar 27, 2026
Tracked Since
Mar 29, 2026