CVE-2026-33583 | THREATINT

Description

Exposure of the QKEY (used as input into the ‘OTA-Quantum’ device registration process) and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03.

PUBLISHED Reserved 2026-03-23 | Published 2026-05-13 | Updated 2026-05-13 | Assigner ENISA

HIGH: 8.7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Problem types

CWE-749 Exposed dangerous method or function

Product status

Default status

unaffected

Any version before 26.03

affected

References

www.cvcn.gov.it/cvcn/cve/CVE-2026-33583 third-party-advisory

cve.org (CVE-2026-33583)

nvd.nist.gov (CVE-2026-33583)

Download JSON