CVE-2026-33583 HIGH

CVE-2026-33583: Arqit SKA-Platform Vulnerable to Key Exposure

Vendor Arqit
Product Symmetric Key Agreement Platform
Weakness CWE-749
Published May 13, 2026
Last update May 13, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

Exposure of the QKEY (used as input into the ‘OTA-Quantum’ device registration process) and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03.

Key dates

02Disclosure timeline

May 13, 2026 CVE published
May 13, 2026 Record updated