CVE-2026-33583

HIGH NVD

CVSS Score 8.7

Severity HIGH

Published May 13, 2026

Vendor unknown

Description

Exposure of the QKEY (used as input into the ‘OTA-Quantum’ device registration process) and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03.

References

https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33583