Arqit SKA-Platform Enables Access to Debug Information
Summary
| CVE | CVE-2026-33584 |
|---|---|
| State | PUBLISHED |
| Assigner | ENISA |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-13 19:17:07 UTC |
| Updated | 2026-05-14 17:19:49 UTC |
| Description | Exposed Keycloak management service in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug information such as metrics and health data. This issue affects Symmetric Key Agreement Platform: before 26.03. |
Risk And Classification
Primary CVSS: v3.1 5.3 MEDIUM from a6d3dc9e-0591-4a13-bce7-0f5b31ff6158
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.000140000 probability, percentile 0.027660000 (date 2026-05-25)
Problem Types: CWE-749 | CWE-749 CWE-749 Exposed dangerous method or function
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | a6d3dc9e-0591-4a13-bce7-0f5b31ff6158 | Secondary | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| 3.1 | CNA | CVSS | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
LowIntegrity
NoneAvailability
NoneCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Arqit | Symmetric Key Agreement Platform | affected 26.03 semver | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.cvcn.gov.it/cvcn/cve/CVE-2026-33584 | a6d3dc9e-0591-4a13-bce7-0f5b31ff6158 | www.cvcn.gov.it | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.