"Weak Keys" The Unmentioned Risk Shared by NIST PQC Candidates

The quintic polynomial cannot be solved by a general formula, as Abel and Galois have shown. This only means that there are instances of a fifth-degree polynomial for which no formula offers a solution; in practice, there are countless instances of the quintic, belonging to a particular class, for which a solving formula does exist. The same holds for the NIST PQC ciphers: even if they had a proof of no general solution (which they don't), they are all plagued by the reality that keys of a particular class offer a breach route. The troubling aspect is that these 'weak keys' are not easy to find, and when some are found, it is not clear whether there are more.


A code writer aware of a weak key class may simply avoid keys that fall into it, but a code writer unaware of weak keys is exposed to the risk of an attacker discovering such keys. Suppose an attacker finds that keys K that can be written as K = at + r, namely keys for which K mod a = r, where all letters represent integers and a and r are some particular values, offer a breach route. We further assume that the code writer is not aware of this weak key class and hence will not avoid it. In that case, statistically, a 1/a proportion of the randomly selected keys will be secretly breachable, and that is the proportion of messages that will be exposed.
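The 1/a exposure argument above, and the difference between a key generator that knows about the class and one that does not, can be checked by simulation. The following is an added example, not code from the original post and not tied to any real NIST PQC candidate: the weak-key class K mod a = r, the values of a and r, and the 128-bit toy key space are all constructed assumptions for the demonstration.

```python
"""Added example (not part of the original post): estimate the share of
randomly generated keys that fall into a hypothetical weak-key class
K = a*t + r, and show how a generator aware of the class removes it by
rejection sampling.

Everything here is constructed for illustration: the weak class, the
modulus ``a``, the residue ``r`` and the toy 128-bit key space. No real
cipher is claimed to have this weak class.
"""
import random
from fractions import Fraction
from typing import Callable

KEY_BITS = 128  # size of the toy key space (assumption for the demo)


def is_weak(key: int, a: int, r: int) -> bool:
    """Hypothetical weak-key test: K = a*t + r for some integer t,
    i.e. K mod a = r."""
    return key % a == r % a


def naive_keygen(rng: random.Random) -> int:
    """Key generator unaware of the weak class: uniform over the key space,
    so statistically 1/a of its output lands in the class."""
    return rng.getrandbits(KEY_BITS)


def aware_keygen(rng: random.Random, a: int, r: int) -> int:
    """Key generator that knows the class and rejects keys falling in it.
    Expected number of draws is a/(a-1), so the extra cost is negligible."""
    while True:
        key = rng.getrandbits(KEY_BITS)
        if not is_weak(key, a, r):
            return key


def expected_exposure(a: int) -> Fraction:
    """Proportion of keys (and hence messages) the text predicts are exposed
    when the class K mod a = r is unknown to the key generator."""
    return Fraction(1, a)


def exposed_fraction(keygen: Callable[[random.Random], int],
                     a: int, r: int, trials: int, seed: int = 1) -> Fraction:
    """Measured fraction of keys from ``keygen`` that fall into the weak
    class, using a seeded RNG so the run is reproducible."""
    rng = random.Random(seed)
    weak = sum(1 for _ in range(trials) if is_weak(keygen(rng), a, r))
    return Fraction(weak, trials)


def demo(a: int = 7, r: int = 3, trials: int = 20000) -> dict:
    """Compare the unaware and aware generators on the same weak class."""
    aware = lambda rng: aware_keygen(rng, a, r)
    return {
        "predicted": expected_exposure(a),
        "naive_measured": exposed_fraction(naive_keygen, a, r, trials),
        "aware_measured": exposed_fraction(aware, a, r, trials),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value} ({float(value):.4f})")
```

The naive generator's measured exposure converges on the predicted 1/a, while the aware generator's exposure is exactly zero; the rejection loop costs on average a/(a-1) draws, so the defence is cheap once the class is known. The whole difficulty the text describes is that the class must be known before it can be filtered.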


The threat of weak keys is endemic to the complexity build-up strategy chosen by NIST. The only way to avoid it is to pivot to Pattern Devoid Cryptography and to Non-Trivial Ciphertexts (NTC).


