CVE-2026-33583 - Vulnerability Analysis
HighCVSS: 8.7Last Updated: May 14, 2026
Arqit Symmetric Key Agreement Platform - Information Disclosure
Published: May 13, 2026Updated: May 14, 2026Remote Exploitable
Overview
Arqit Symmetric Key Agreement Platform < 26.03 contains an information disclosure caused by exposure of QKEY and internal system keys via unauthenticated and unencrypted HTTP GET method, letting remote attackers access sensitive cryptographic keys, exploit requires network access.
Severity & Score
Severity: High
CVSS Score: 8.7
Impact
Remote attackers can access sensitive cryptographic keys, compromising device registration and system security.
Mitigation
Update to version 26.03 or later.
Related Resources
Details
- CVE ID
- CVE-2026-33583
- Severity
- High
- CVSS Score
- 8.7
- Type
- information_disclosure
- Status
- rejected
CWE
- CWE-749
CVSS Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N