PatchSiren

Pegatron Corp. CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL Pegatron Corp. CVE published 2026-07-15

CVE-2026-14960

The CVE-2026-14960 vulnerability involves the Pegatron Tdelo64.sys driver, which exposes privileged hardware access functionality through the TdeIo device interface. Specifically, IOCTL handlers such as TDE_IOCTL_INDEXIO_READ and TDE_IOCTL_INDEXIO_WRITE allow unprivileged user-mode callers to perform arbitrary hardware I/O port reads and writes without proper authorization checks. This oversight enables a [truncated]