5 matches found
CVE-2026-33585
Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03...
CVE-2026-33584
Exposed Keycloak management service in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug information such as metrics and health data. This issue affects Symmetric Key Agreement Platform: before 26.03...
EUVD-2026-30114
Exposed Keycloak management service in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug information such as metrics and health data. This issue affects Symmetric Key Agreement Platform: before 26.03...
CVE-2026-33584
Summary: CVE-2026-33584 affects the Arqit Symmetric Key Agreement Platform, where the Keycloak management service is exposed, allowing unauthorized access to sensitive debug information (metrics and health data) for versions before 26.03. The CVSS 3.1 base score is 5.3 (MEDIUM) with network attac...
CVE-2026-33583 Arqit SKA-Platform Vulnerable to Key Exposure
Exposure of the QKEY used as input into the ‘OTA-Quantum’ device registration process and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03...