PT-2026-40762 · Arqit · Symmetric Key Agreement Platform

Published

2026-05-13

Updated

2026-05-13

CVE-2026-33583

CVSS v3.1

8.7

High

Vector

AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Arqit Symmetric Key Agreement Platform versions prior to 26.03

Description The Arqit Symmetric Key Agreement Platform allows the exposure of the QKEY, which is used as input for the 'OTA-Quantum' device registration process, as well as internal system keys. This occurs through an unauthenticated and unencrypted HTTP GET method.

Recommendations Update to version 26.03 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-749

Related Identifiers

CVE-2026-33583

Affected Products

Symmetric Key Agreement Platform

PT-2026-40762 · Arqit · Symmetric Key Agreement Platform

CVE-2026-33583

Weakness Enumeration

Related Identifiers

Affected Products

References · 4