CVE-2026-33583

EUVD-2026-30113
Exposure of the QKEY (used as 
input into the ‘OTA-Quantum’ device registration process) and internal 
system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform.

This issue affects Symmetric Key Agreement Platform: before 26.03.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.7 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33583