Privilege Escalation Vulnerability in Tdelo64.sys by Pegatron
CVE-2026-14961

Currently unrated

Key Information:

Vendor
CVE Published:
15 July 2026

What is CVE-2026-14961?

The Pegatron Tdelo64.sys driver exposes an insecure privileged device interface that allows local attackers to exploit its IOCTL functionality. This vulnerability arises from the lack of proper validation for caller privileges and user-supplied memory addresses. By crafting specific IOCTL requests, an attacker can execute arbitrary memory operations, leading to unauthorized access at the highest system privilege level, potential credential theft, and system compromises.

Affected Version(s)

Tdelo64.sys 02-17-2025

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.