Search criteria
6 vulnerabilities found for Symmetric Key Agreement Platform by Arqit
CVE-2026-33585 (GCVE-0-2026-33585)
Vulnerability from nvd – Published: 2026-05-13 18:46 – Updated: 2026-05-13 19:31
VLAI
Title
Arqit SKA-Platform Improper Handling of Parameters Vulnerability
Summary
Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session.
This issue affects Symmetric Key Agreement Platform: before 26.03.
Severity
CWE
- CWE-233 - Improper handling of parameters
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33585 | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arqit | Symmetric Key Agreement Platform |
Affected:
0 , < 26.03
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33585",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T19:28:17.084847Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T19:31:17.058Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Symmetric Key Agreement Platform",
"vendor": "Arqit",
"versions": [
{
"lessThan": "26.03",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper management of the idle timeout parameter\u0026nbsp;in the Keycloak interface of\u0026nbsp;the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session.\n\n\u003cp\u003eThis issue affects Symmetric Key Agreement Platform: before 26.03.\u003c/p\u003e"
}
],
"value": "Improper management of the idle timeout parameter\u00a0in the Keycloak interface of\u00a0the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session.\n\n\n\nThis issue affects Symmetric Key Agreement Platform: before 26.03."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-233",
"description": "CWE-233 Improper handling of parameters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T18:46:13.920Z",
"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"shortName": "ENISA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33585"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arqit SKA-Platform Improper Handling of Parameters Vulnerability",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"assignerShortName": "ENISA",
"cveId": "CVE-2026-33585",
"datePublished": "2026-05-13T18:46:13.920Z",
"dateReserved": "2026-03-23T12:53:47.473Z",
"dateUpdated": "2026-05-13T19:31:17.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33584 (GCVE-0-2026-33584)
Vulnerability from nvd – Published: 2026-05-13 18:30 – Updated: 2026-05-13 19:39
VLAI
Title
Arqit SKA-Platform Enables Access to Debug Information
Summary
Exposed Keycloak management
service in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug
information such as metrics and
health data. This issue affects Symmetric Key Agreement Platform: before 26.03.
Severity
5.3 (Medium)
CWE
- CWE-749 - Exposed dangerous method or function
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33584 | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arqit | Symmetric Key Agreement Platform |
Affected:
0 , < 26.03
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T19:37:59.672987Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T19:39:01.096Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Symmetric Key Agreement Platform",
"vendor": "Arqit",
"versions": [
{
"lessThan": "26.03",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposed Keycloak management \nservice in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug \ninformation such as metrics and\n health data.\u0026nbsp;This issue affects Symmetric Key Agreement Platform: before 26.03."
}
],
"value": "Exposed Keycloak management \nservice in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug \ninformation such as metrics and\n health data.\u00a0This issue affects Symmetric Key Agreement Platform: before 26.03."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749 Exposed dangerous method or function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T18:35:29.330Z",
"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"shortName": "ENISA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33584"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arqit SKA-Platform Enables Access to Debug Information",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"assignerShortName": "ENISA",
"cveId": "CVE-2026-33584",
"datePublished": "2026-05-13T18:30:48.206Z",
"dateReserved": "2026-03-23T12:53:47.473Z",
"dateUpdated": "2026-05-13T19:39:01.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33583 (GCVE-0-2026-33583)
Vulnerability from nvd – Published: 2026-05-13 18:19 – Updated: 2026-05-13 18:57
VLAI
Title
Arqit SKA-Platform Vulnerable to Key Exposure
Summary
Exposure of the QKEY (used as
input into the ‘OTA-Quantum’ device registration process) and internal
system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform.
This issue affects Symmetric Key Agreement Platform: before 26.03.
Severity
8.7 (High)
CWE
- CWE-749 - Exposed dangerous method or function
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33583 | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arqit | Symmetric Key Agreement Platform |
Affected:
0 , < 26.03
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33583",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T18:57:23.168695Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T18:57:55.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Symmetric Key Agreement Platform",
"vendor": "Arqit",
"versions": [
{
"lessThan": "26.03",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of the QKEY (used as \ninput into the \u2018OTA-Quantum\u2019 device registration process) and internal \nsystem keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform.\u003cp\u003eThis issue affects Symmetric Key Agreement Platform: before 26.03.\u003c/p\u003e"
}
],
"value": "Exposure of the QKEY (used as \ninput into the \u2018OTA-Quantum\u2019 device registration process) and internal \nsystem keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform.\n\nThis issue affects Symmetric Key Agreement Platform: before 26.03."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749 Exposed dangerous method or function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T18:19:34.651Z",
"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"shortName": "ENISA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33583"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arqit SKA-Platform Vulnerable to Key Exposure",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"assignerShortName": "ENISA",
"cveId": "CVE-2026-33583",
"datePublished": "2026-05-13T18:19:34.651Z",
"dateReserved": "2026-03-23T12:53:47.473Z",
"dateUpdated": "2026-05-13T18:57:55.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33585 (GCVE-0-2026-33585)
Vulnerability from cvelistv5 – Published: 2026-05-13 18:46 – Updated: 2026-05-13 19:31
VLAI
Title
Arqit SKA-Platform Improper Handling of Parameters Vulnerability
Summary
Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session.
This issue affects Symmetric Key Agreement Platform: before 26.03.
Severity
CWE
- CWE-233 - Improper handling of parameters
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33585 | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arqit | Symmetric Key Agreement Platform |
Affected:
0 , < 26.03
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33585",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T19:28:17.084847Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T19:31:17.058Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Symmetric Key Agreement Platform",
"vendor": "Arqit",
"versions": [
{
"lessThan": "26.03",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper management of the idle timeout parameter\u0026nbsp;in the Keycloak interface of\u0026nbsp;the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session.\n\n\u003cp\u003eThis issue affects Symmetric Key Agreement Platform: before 26.03.\u003c/p\u003e"
}
],
"value": "Improper management of the idle timeout parameter\u00a0in the Keycloak interface of\u00a0the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session.\n\n\n\nThis issue affects Symmetric Key Agreement Platform: before 26.03."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-233",
"description": "CWE-233 Improper handling of parameters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T18:46:13.920Z",
"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"shortName": "ENISA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33585"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arqit SKA-Platform Improper Handling of Parameters Vulnerability",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"assignerShortName": "ENISA",
"cveId": "CVE-2026-33585",
"datePublished": "2026-05-13T18:46:13.920Z",
"dateReserved": "2026-03-23T12:53:47.473Z",
"dateUpdated": "2026-05-13T19:31:17.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33584 (GCVE-0-2026-33584)
Vulnerability from cvelistv5 – Published: 2026-05-13 18:30 – Updated: 2026-05-13 19:39
VLAI
Title
Arqit SKA-Platform Enables Access to Debug Information
Summary
Exposed Keycloak management
service in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug
information such as metrics and
health data. This issue affects Symmetric Key Agreement Platform: before 26.03.
Severity
5.3 (Medium)
CWE
- CWE-749 - Exposed dangerous method or function
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33584 | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arqit | Symmetric Key Agreement Platform |
Affected:
0 , < 26.03
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T19:37:59.672987Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T19:39:01.096Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Symmetric Key Agreement Platform",
"vendor": "Arqit",
"versions": [
{
"lessThan": "26.03",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposed Keycloak management \nservice in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug \ninformation such as metrics and\n health data.\u0026nbsp;This issue affects Symmetric Key Agreement Platform: before 26.03."
}
],
"value": "Exposed Keycloak management \nservice in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug \ninformation such as metrics and\n health data.\u00a0This issue affects Symmetric Key Agreement Platform: before 26.03."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749 Exposed dangerous method or function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T18:35:29.330Z",
"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"shortName": "ENISA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33584"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arqit SKA-Platform Enables Access to Debug Information",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"assignerShortName": "ENISA",
"cveId": "CVE-2026-33584",
"datePublished": "2026-05-13T18:30:48.206Z",
"dateReserved": "2026-03-23T12:53:47.473Z",
"dateUpdated": "2026-05-13T19:39:01.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33583 (GCVE-0-2026-33583)
Vulnerability from cvelistv5 – Published: 2026-05-13 18:19 – Updated: 2026-05-13 18:57
VLAI
Title
Arqit SKA-Platform Vulnerable to Key Exposure
Summary
Exposure of the QKEY (used as
input into the ‘OTA-Quantum’ device registration process) and internal
system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform.
This issue affects Symmetric Key Agreement Platform: before 26.03.
Severity
8.7 (High)
CWE
- CWE-749 - Exposed dangerous method or function
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33583 | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arqit | Symmetric Key Agreement Platform |
Affected:
0 , < 26.03
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33583",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T18:57:23.168695Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T18:57:55.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Symmetric Key Agreement Platform",
"vendor": "Arqit",
"versions": [
{
"lessThan": "26.03",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of the QKEY (used as \ninput into the \u2018OTA-Quantum\u2019 device registration process) and internal \nsystem keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform.\u003cp\u003eThis issue affects Symmetric Key Agreement Platform: before 26.03.\u003c/p\u003e"
}
],
"value": "Exposure of the QKEY (used as \ninput into the \u2018OTA-Quantum\u2019 device registration process) and internal \nsystem keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform.\n\nThis issue affects Symmetric Key Agreement Platform: before 26.03."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749 Exposed dangerous method or function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T18:19:34.651Z",
"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"shortName": "ENISA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33583"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arqit SKA-Platform Vulnerable to Key Exposure",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"assignerShortName": "ENISA",
"cveId": "CVE-2026-33583",
"datePublished": "2026-05-13T18:19:34.651Z",
"dateReserved": "2026-03-23T12:53:47.473Z",
"dateUpdated": "2026-05-13T18:57:55.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}