PT-2026-40776 · Arqit+1 · Soa Platform+1

Published

2026-05-13

·

Updated

2026-05-13

·

CVE-2026-33585

CVSS v3.1

3.8

Low

VectorAV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions Symmetric Key Agreement Platform versions prior to 26.03
Description Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform allows an attacker to impersonate an authenticated tenant user by utilizing an unexpired browser session.
Recommendations Update to version 26.03 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-33585

Affected Products

Keycloak
Soa Platform