CVE-2026-33585 | THREATINT

Description

Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03.

PUBLISHED Reserved 2026-03-23 | Published 2026-05-13 | Updated 2026-05-13 | Assigner ENISA

LOW: 3.8CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Problem types

CWE-233 Improper handling of parameters

Product status

Default status

unaffected

Any version before 26.03

affected

References

www.cvcn.gov.it/cvcn/cve/CVE-2026-33585 third-party-advisory

cve.org (CVE-2026-33585)

nvd.nist.gov (CVE-2026-33585)

Download JSON