CVE-2026-33583

Summary

Exposure of the QKEY (used as input into the ‘OTA-Quantum’ device registration process) and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform.

This issue affects Symmetric Key Agreement Platform: before 26.03.

Affected Software

VendorProductVersion RangeStatus
ArqitSymmetric Key Agreement Platform0 < 26.03affected

Weaknesses

  • CWE-749: CWE-749 Exposed dangerous method or function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References