Description
Exposure of the QKEY (used as input into the ‘OTA-Quantum’ device registration process) and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03.
References (1)
Core 1
Core References
Third Party Advisory third-party-advisory
https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33583
Scores
CVSS v3
8.7
EPSS
0.0021
EPSS Percentile
10.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-749
Status
published
Products (1)
Arqit/Symmetric Key Agreement Platform
< 26.03
Published
May 13, 2026
Tracked Since
May 14, 2026