CVE-2026-33583

HIGH CVSS 8.7 View on NVD ↗

Description

Exposure of the QKEY (used as input into the ‘OTA-Quantum’ device registration process) and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

References

https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33583

Published: May 13, 2026 19:17 UTC Modified: May 13, 2026 19:17 UTC