CVE-2026-33585

LOW 3.8

Arqit SKA-Platform Improper Handling of Parameters Vulnerability

CVSS Score

3.8

EPSS Score

0.0%

EPSS Percentile

0th

Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03.

CWE	CWE-233
Vendor	arqit
Product	symmetric key agreement platform
Published	May 13, 2026
Last Updated	May 13, 2026

Stay Ahead of the Next One

Get instant alerts for arqit symmetric key agreement platform

Be the first to know when new low vulnerabilities affecting arqit symmetric key agreement platform are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Attack Vector

Physical

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Affected Versions

Arqit / Symmetric Key Agreement Platform

0 < 26.03

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cvcn.gov.it: https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33585