CVE-2026-33585

Summary

Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session.

This issue affects Symmetric Key Agreement Platform: before 26.03.

Affected Software

VendorProductVersion RangeStatus
ArqitSymmetric Key Agreement Platform0 < 26.03affected

Weaknesses

  • CWE-233: CWE-233 Improper handling of parameters

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References