EUVD-2026-16816

CVE-2026-33874 | HIGH | 7.8 (CVSS 3.1) | 2026-03-27 | GitHub_M

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

EUVD ID Assigned: Mar 27, 2026 - 21:15 (euvd), EUVD-2026-16816
Analysis Generated: Mar 27, 2026 - 21:15 (vuln.today)
CVE Published: Mar 27, 2026 - 20:23 (nvd), HIGH 7.8

Description

Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the macOS version of the Authenticator is vulnerable to remote code execution, triggered when victims open a malicious file. Update the gematik Authenticator to version 4.16.0 or greater to receive a patch. There are no known workarounds.

Analysis

Remote code execution in gematik Authenticator (macOS) versions 4.12.0 through 4.15.x enables malicious file-triggered command injection when victims open crafted documents. This CWE-78 OS command injection flaw requires no authentication but depends on user interaction (CVSS:3.1/AV:L/AC:L/PR:N/UI:R). …


Remediation

Within 24 hours: identify and inventory all macOS systems running gematik Authenticator versions 4.12.0 through 4.15.x using endpoint detection tools; communicate risk to affected users and restrict opening of untrusted documents from external sources. Within 7 days: contact gematik for patch timeline and interim workarounds; consider disabling the authenticator on high-risk systems if alternatives exist pending a vendor fix. …


Priority Score

39
KEV: 0
EPSS: +0.1
CVSS: +39
POC: 0
