{"api_version":"1","generated_at":"2026-06-03T00:04:37+00:00","cve":"CVE-2026-33584","urls":{"html":"https://cve.report/CVE-2026-33584","api":"https://cve.report/api/cve/CVE-2026-33584.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-33584","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-33584"},"summary":{"title":"Arqit SKA-Platform Enables Access to Debug Information","description":"Exposed Keycloak management \nservice in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug \ninformation such as metrics and\n health data. This issue affects Symmetric Key Agreement Platform: before 26.03.","state":"PUBLISHED","assigner":"ENISA","published_at":"2026-05-13 19:17:07","updated_at":"2026-05-14 17:19:49"},"problem_types":["CWE-749","CWE-749 CWE-749 Exposed dangerous method or function"],"metrics":[{"version":"3.1","source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}}],"references":[{"url":"https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33584","name":"https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33584","refsource":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-33584","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33584","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Arqit","product":"Symmetric Key Agreement Platform","version":"affected 26.03 semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"33584","cve":"CVE-2026-33584","epss":"0.000140000","percentile":"0.027660000","score_date":"2026-05-25","updated_at":"2026-05-26 00:10:59"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-33584","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-05-13T19:37:59.672987Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-05-13T19:39:01.096Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Symmetric Key Agreement Platform","vendor":"Arqit","versions":[{"lessThan":"26.03","status":"affected","version":"0","versionType":"semver"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Exposed Keycloak management \nservice in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug \ninformation such as metrics and\n health data. This issue affects Symmetric Key Agreement Platform: before 26.03."}],"value":"Exposed Keycloak management \nservice in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug \ninformation such as metrics and\n health data. This issue affects Symmetric Key Agreement Platform: before 26.03."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-749","description":"CWE-749 Exposed dangerous method or function","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-13T18:35:29.330Z","orgId":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","shortName":"ENISA"},"references":[{"tags":["third-party-advisory"],"url":"https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33584"}],"source":{"discovery":"UNKNOWN"},"title":"Arqit SKA-Platform Enables Access to Debug Information","x_generator":{"engine":"Vulnogram 1.0.2"}}},"cveMetadata":{"assignerOrgId":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","assignerShortName":"ENISA","cveId":"CVE-2026-33584","datePublished":"2026-05-13T18:30:48.206Z","dateReserved":"2026-03-23T12:53:47.473Z","dateUpdated":"2026-05-13T19:39:01.096Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-13 19:17:07","lastModifiedDate":"2026-05-14 17:19:49","problem_types":["CWE-749","CWE-749 CWE-749 Exposed dangerous method or function"],"metrics":{"cvssMetricV31":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"33584","Ordinal":"1","Title":"Arqit SKA-Platform Enables Access to Debug Information","CVE":"CVE-2026-33584","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"33584","Ordinal":"1","NoteData":"Exposed Keycloak management \nservice in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug \ninformation such as metrics and\n health data. This issue affects Symmetric Key Agreement Platform: before 26.03.","Type":"Description","Title":"Arqit SKA-Platform Enables Access to Debug Information"}]}}}