Improper Idle Timeout Management in Keycloak Interface of Arqit SKA-Platform
CVE-2026-33585

3.8 LOW

Key Information:

Vendor: Arqit
CVE Published: 13 May 2026

What is CVE-2026-33585?

The Keycloak interface of the Arqit SKA-Platform improperly manages the idle timeout parameter. This flaw can lead to unauthorized impersonation of authenticated tenant users: an intruder can maintain access through a browser session that has not expired. Organizations using affected versions of the Arqit SKA-Platform must take immediate action to mitigate this risk.

Affected Version(s)

Symmetric Key Agreement Platform: versions from 0 up to, but not including, 26.03

CVSS V3.1

Score: 3.8
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Physical
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved