Arqit SKA-Platform Keycloak Interface Idle Timeout Management Vulnerability Allowing User Impersonation

Vulnerability

A vulnerability exists in the Arqit SKA-Platform's Keycloak interface, specifically in versions prior to 26.03. The issue arises from improper handling of the idle timeout parameter, which allows an attacker to impersonate an authenticated tenant user by exploiting an unexpired browser session.

Impact

Exploitation of this vulnerability allows for user impersonation, potentially leading to unauthorized actions being performed on behalf of the impersonated user.

Remediation

Users can upgrade to Arqit SKA-Platform version 26.03 to address this vulnerability.

Added: May 13, 2026, 7:32 PM
Updated: May 13, 2026, 7:32 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 4.4
remediation: 0.0
relevance: 8.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.