CRITICAL
Pegatron Corp.
CVE published 2026-07-15
CVE-2026-14960
The CVE-2026-14960 vulnerability involves the Pegatron Tdelo64.sys driver, which exposes privileged hardware access functionality through the TdeIo device interface. Specifically, IOCTL handlers such as TDE_IOCTL_INDEXIO_READ and TDE_IOCTL_INDEXIO_WRITE allow unprivileged user-mode callers to perform arbitrary hardware I/O port reads and writes without proper authorization checks. This oversight enables a [truncated]