CVE-2026-33585 LOW

CVE-2026-33585: Arqit SKA-Platform Improper Handling of Parameters Vulnerability

Vendor Arqit
Product Symmetric Key Agreement Platform
Weakness CWE-233
Published May 13, 2026
Last update May 13, 2026

CVSS base score

3.8/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03.

Key dates

02Disclosure timeline

May 13, 2026 CVE published
May 13, 2026 Record updated