CVE-2026-14961
CVE-2026-14961
CVSS Score
6.2
EPSS Score
0.0%
EPSS Percentile
0th
Pegatron `Tdelo64.sys` exposes a privileged device interface, `\\.\TdeIo`, that fails to properly restrict access to sensitive IOCTL functionality. The driver's IOCTL dispatcher does not validate caller privileges or verify user-supplied kernel memory addresses before performing memory operations. By sending crafted requests to IOCTL, a local attacker can achieve arbitrary kernel memory read and write operations, leading to privilege escalation to `NT AUTHORITY\SYSTEM`, security product bypass, credential theft, or complete system compromise.
| Vendor | pegatron corp. |
| Product | tdelo64.sys |
| Published | Jul 15, 2026 |
| Last Updated | Jul 15, 2026 |
Stay Ahead of the Next One
Get instant alerts for pegatron corp. tdelo64.sys
Be the first to know when new medium vulnerabilities affecting pegatron corp. tdelo64.sys are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Pegatron Corp. / Tdelo64.sys
02-17-2025 โค 02-17-2025