Keycloak Management Service Debug Information Exposure Vulnerability in Arqit Symmetric Key Agreement Platform

Vulnerability

A vulnerability exists in the Arqit Symmetric Key Agreement Platform in versions prior to 26.03, where the Keycloak management service is exposed. This exposure allows unauthorized access to sensitive debug information, including metrics and health data, through an unencrypted HTTP GET request. The Keycloak developer advises against exposing this interface externally due to the sensitive nature of the information revealed.

Impact

The vulnerability allows unauthorized access to sensitive debug information, such as metrics and health data, which could be exploited to gain insights into the application's internal workings or performance.

Remediation

Users can upgrade to Arqit Symmetric Key Agreement Platform version 26.03 or later to address this vulnerability.
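To check from outside the trust boundary whether a host still answers unauthenticated GET requests with this kind of data, the following can be used. It is an added example, not code from Arqit or Keycloak. It assumes Keycloak's default management paths /health and /metrics, which the advisory does not list; the host name and port in the comment are placeholders.

```python
import json
import sys
import urllib.error
import urllib.request

# Assumption: Keycloak's default management paths; the advisory does not name them.
PATHS = ("/health", "/metrics")


def classify(status, body):
    """Return 'health', 'metrics' or None for one HTTP response."""
    if status not in (200, 503):  # a DOWN health report is a 503 and still leaks detail
        return None
    text = body.strip()
    try:
        doc = json.loads(text)
        if isinstance(doc, dict) and doc.get("status") in ("UP", "DOWN"):
            return "health"
    except ValueError:
        pass
    # Prometheus text exposition: "# HELP" / "# TYPE" comment lines precede samples.
    if any(line.startswith(("# HELP ", "# TYPE ")) for line in text.splitlines()):
        return "metrics"
    return None


def probe(base_url, timeout=5):
    """GET each path without credentials; return {path: kind} for exposed ones."""
    exposed = {}
    for path in PATHS:
        url = base_url.rstrip("/") + path
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                status, body = resp.status, resp.read(65536).decode("utf-8", "replace")
        except urllib.error.HTTPError as err:
            status, body = err.code, err.read(65536).decode("utf-8", "replace")
        except (urllib.error.URLError, OSError):
            continue  # closed, filtered or timed out: not reachable from here
        kind = classify(status, body)
        if kind:
            exposed[path] = kind
    return exposed


if __name__ == "__main__":
    # Placeholder target, e.g. http://keycloak.example.internal:9000
    found = probe(sys.argv[1])
    print(found or "no unauthenticated management data returned")
    sys.exit(1 if found else 0)
```

Run it from a network position that should not have access to the management interface; a non-zero exit status means debug data was returned without credentials.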

Added: May 13, 2026, 7:32 PM
Updated: May 13, 2026, 7:32 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 8.2
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.