Arqit Symmetric Key Agreement Platform QKEY Exposure Vulnerability
Vulnerability
A vulnerability in the Arqit Symmetric Key Agreement Platform prior to version 26.03 exposes, without authentication or encryption, the QKEY used in the 'OTA-Quantum' device registration process, as well as internal system keys. The exposure occurs through a REST API that can be accessed with an HTTP GET request, enabling network attackers to retrieve sensitive cryptographic keys from the platform's database.
Impact
Exploitation of this vulnerability allows network attackers to access and retrieve sensitive cryptographic keys, including the QKEY used for device registration, from the platform's database. This could lead to unauthorized access to, or manipulation of, cryptographic processes or data.
Remediation
Users can upgrade to Arqit Symmetric Key Agreement Platform version 26.03 or later to address this vulnerability.
