{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/authentication-hijacking/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-33875","authentication-hijacking","gematik-authenticator","deeplink"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe Gematik Authenticator, designed for secure user authentication to digital health applications, has a critical vulnerability affecting versions prior to 4.16.0. This vulnerability, identified as CVE-2026-33875, allows for authentication flow hijacking. An attacker can exploit this by crafting a malicious deep link. If a user clicks on this link, the attacker can potentially authenticate using the identity of the victim. This poses a significant risk to user privacy and data security within…\u003c/p\u003e\n","date_modified":"2026-03-27T21:17:24Z","date_published":"2026-03-27T21:17:24Z","id":"/briefs/2026-03-gematik-auth-hijack/","summary":"Gematik Authenticator versions prior to 4.16.0 are vulnerable to authentication flow hijacking via malicious deep links, potentially allowing attackers to authenticate with victim user identities.","title":"Gematik Authenticator Authentication Flow Hijacking Vulnerability (CVE-2026-33875)","url":"https://feed.craftedsignal.io/briefs/2026-03-gematik-auth-hijack/"}],"language":"en","title":"CraftedSignal Threat Feed — Authentication-Hijacking","version":"https://jsonfeed.org/version/1.1"}