What is CVE-2026-33585?

CVE-2026-33585 is a low-severity vulnerability in Arqit Symmetric Key Agreement Platform, classified under CWE-233. CVSS score: 3.8/10. Published 2026-05-13.

How severe is CVE-2026-33585?

Low severity. CVSS v3 base score is 3.8 out of 10.

Vulnerability in Arqit Symmetric Key Agreement Platform

CVE-2026-33585

Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agr…

EPSS: 0.000 (0.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.8 (Low). Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L.

Affected products

Arqit Symmetric Key Agreement Platform — versions 0

Weakness classification (CWE)

CWE-233

References

a6d3dc9e-0591-4a13-bce7-0f5b31ff6158 (third-party-advisory)

Frequently asked questions

What is CVE-2026-33585?: CVE-2026-33585 is a low-severity vulnerability in Arqit Symmetric Key Agreement Platform, classified under CWE-233. CVSS score: 3.8/10. Published 2026-05-13.
How severe is CVE-2026-33585?: Low severity. CVSS v3 base score is 3.8 out of 10.