← volver
CVE-2026-14961

CVE-2026-14961

CVSS 6.2 MEDIUMCWE-20CWE-269
Vexday Risk Score
10Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.2EPSS KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
15 jul 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Pegatron `Tdelo64.sys` exposes a privileged device interface, `\\.\TdeIo`, that fails to properly restrict access to sensitive IOCTL functionality. The driver's IOCTL dispatcher does not validate caller privileges or verify user-supplied kernel memory addresses before performing memory operations. By sending crafted requests to IOCTL, a local attacker can achieve arbitrary kernel memory read and write operations, leading to privilege escalation to `NT AUTHORITY\SYSTEM`, security product bypass, credential theft, or complete system compromise.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N