What is the CVSS score of CVE-2026-45575?

CVE-2026-45575 has a CVSS 3.1 base score of 7.4 (High). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of epa4all-client are affected by CVE-2026-45575?

CVE-2026-45575 is an authentication bypass in epa4all-client that allows network-positioned attackers to intercept and forge OIDC authentication tokens, potentially compromising access to sensitive…. A patch is available.

epa4all-client CVE-2026-45575

HIGH

Improper Verification of Cryptographic Signature (CWE-347)

2026-05-15 https://github.com/oviva-ag/epa4all-client

GHSA-gqx7-6552-67hf

Information Disclosure Jwt Attack

7.4

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Source Code Evidence Fetched

May 15, 2026 - 19:31 vuln.today

Analysis Generated

May 15, 2026 - 19:31 vuln.today

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

1 maven packages depend on com.oviva.telematik:epa4all-client (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 1.2.2.

DescriptionNVD

Impact

An attacker who can MITM the TLS connection between the client and the IDP (within the TI network) can substitute a forged discovery document. The forged document redirects u ri_puk_idp_enc and uri_puk_idp_sig to attacker-controlled URLs. The client then encrypts the SMC-B-signed challenge response to the attacker's encryption key and POSTs it to the attacker's auth endpoint. This captures the signed authentication material.

Patches

#36

Workarounds

None.

Resources

MS-OVIVA-EPA4ALL-d453c1

Credits

Machine Spirits ([contact@machinespirits.de](mailto:contact@machinespirits.de))

Dr. rer. nat. Simon Weber
Dipl.-Inf. Volker Schönefeld
Chiara Fliegner

AnalysisAI

Authentication bypass in epa4all-client allows MITM attackers positioned within the TI (Telematikinfrastruktur) network to capture SMC-B-signed authentication material by substituting a forged OIDC discovery document. The vulnerability affects all versions prior to 1.2.2 and requires the attacker to intercept TLS connections between the client and Identity Provider. …

RemediationAI

Within 24 hours: Inventory all instances of epa4all-client across healthcare IT environments and document current versions. Within 7 days: Apply vendor patch to epa4all-client version 1.2.2 or later on all systems; prioritize systems handling sensitive healthcare data. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-45575 vulnerability details – vuln.today

Back

epa4all-client CVE-2026-45575

CVSS VectorNVD

Lifecycle Timeline

Blast Radius

DescriptionNVD

Impact

Patches

Workarounds

Resources

Credits

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code