CVE-2026-14960

CVE-2026-14960

Pegatron `Tdelo64.sys` improperly exposes privileged hardware access functionality through the `\\.\TdeIo` device interface. IOCTL handlers including `TDE_IOCTL_INDEXIO_READ` and `TDE_IOCTL_INDEXIO_WRITE` permit unprivileged user-mode call…

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2026-14960?
CVE-2026-14960 is a vulnerability, classified under CWE-284 IMPROPER ACCESS CONTROL. Published 2026-07-15.
Is CVE-2026-14960 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.