CVE-2026-33583

HIGH 8.7

Arqit SKA-Platform Vulnerable to Key Exposure

CVSS Score

8.7

EPSS Score

0.0%

EPSS Percentile

0th

Exposure of the QKEY (used as input into the ‘OTA-Quantum’ device registration process) and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03.

CWE	CWE-749
Vendor	arqit
Product	symmetric key agreement platform
Published	May 13, 2026
Last Updated	May 13, 2026

Stay Ahead of the Next One

Get instant alerts for arqit symmetric key agreement platform

Be the first to know when new high vulnerabilities affecting arqit symmetric key agreement platform are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Affected Versions

Arqit / Symmetric Key Agreement Platform

0 < 26.03

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cvcn.gov.it: https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33583