Exposure of the QKEY (used as input into the ‘OTA...
High severity
Unreviewed
Published
May 13, 2026
to the GitHub Advisory Database
•
Updated May 13, 2026
Description
Published by the National Vulnerability Database
May 13, 2026
Published to the GitHub Advisory Database
May 13, 2026
Last updated
May 13, 2026
Exposure of the QKEY (used as
input into the ‘OTA-Quantum’ device registration process) and internal
system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform.
This issue affects Symmetric Key Agreement Platform: before 26.03.
References