IT Consulting, Service and Management
Our decades of implementation and integration experience allows us to deliver best-of-class IT services to our customers
Security and Endpoint Protection
Defend your networks from active adversaries, ransomware, phishing, malware, and more.
Data Continuity
Backup and recovery services are a necessity for todays modern networks. We can help to determine where and when your data needs to live to be sure it's always available
Cloud Services
With so many options and implementation scenarios available, let us help you determine how best to use new services available from the cloud.
Technology services dedicated to bridging the gap between technology and your business
Since 1996, our mission has always been to help our clients maximize productivity and efficiency by expertly maintaining existing infrastructures, as well as designing and implementing new technologies, allowing them to continue growing into the future.
- Knowledgeable and friendly staff
- Flexible consumption-based pricing models
- Online strategy and consulting services
- Decades of experience
News, updates, trends and the latest
info you need to know about IT
July 16, 2026
Overview
A denial-of-service (DoS) vulnerability exists in some HTTP/2 server implementations that fail to adequately limit resource consumption when buffering response data under stalled flow-control conditions. A remote, unauthenticated attacker can trigger memory exhaustion and service interruption by using standard flow-control parameters such as SETTINGS_INITIAL_WINDOW_SIZE = 0 to stall outbound data for multiple simultaneous request streams.
Description
HTTP/2 is a widely used application-layer protocol that supports multiplexing, header compression, and flow-control mechanisms to regulate the transmission of data between web browsers and servers. Flow control is designed to prevent senders from overwhelming receivers and relies on client-advertised window sizes to determine the maximum volume of unacknowledged data that can be in transit at any given time.
A client can intentionally stall outbound flow control by withholding WINDOW_UPDATE frames or by advertising SETTINGS_INITIAL_WINDOW_SIZE = 0. In some HTTP/2 implementations, the server continues processing requests and generating complete response bodies even though it is unable to transmit them. The resulting response data remains buffered in memory, and each stalled stream retains its allocated buffer until the connection closes or a timeout occurs.
An attacker can exploit this behavior by opening many simultaneous streams and requesting large resources, causing the server to accumulate large amounts of buffered response data. In environments with permissive resource limits, this can lead to excessive memory consumption, swap exhaustion, service instability, and, in severe cases, system crashes. Even under more conservative limits, the attack can exhaust worker or connection resources and degrade service availability.
Impact
A remote, unauthenticated attacker can cause denial-of-service conditions on affected HTTP/2 server implementations. Under high resource limits, an attacker may be able to induce unbounded memory amplification resulting in OOM kills, severe swap thrashing, or full system unresponsiveness. Under default or lower limits, the attack can exhaust available connections or worker resources, temporarily preventing new clients from establishing sessions and degrading overall service availability.
Solution
Several vendors have addressed this vulnerability in recent updates; see the Vendor Information section for individual CVEs and remediation details. Implementations that enforce memory ceilings, restrict concurrent stream counts, and actively terminate stalled connections can substantially reduce the risk of denial-of-service conditions.
Acknowledgements
Thanks to the Okta Red Team for researching and reporting this vulnerability. This document was written by Molly Jaconski.
July 16, 2026
Overview
A Pickle deserialization vulnerability has been discovered within the SGLang project, enabling an attacker to perform remote code execution (RCE) on the target vulnerable server. In order for an attacker to exploit this vulnerability, the expert-parallel backup subsystem must be enabled, and an attacker must have network access to the SGLang service. No patch is available at this time, and no response was obtained from the project maintainers during coordination.
Description
SGLang is an open-source framework for serving large language models (LLMs) and multimodal AI models, supporting models such as Qwen, DeepSeek, Mistral, and Skywork, and is compatible with OpenAI APIs. A vulnerability has been discovered within the tool and is tracked as follows:
CVE-2026-14890
SGLang uses an expert-parallel backup subsystem designed to handle the large amount of compute and memory constraints associated with different model types. This system, when running, exposes a ZeroMQ PULL socket on a routable network interface that does not contain authentication or deserialization safeguards, allowing an attacker to provide a malicious pickle file that results in unauthenticated remote code execution when the feature is enabled and the service is reachable over the network.
The vulnerability is caused by the ZeroMQ PULL socket in expert_backup_manager.py binding to an external IP address with no authentication, meaning that any process that can reach the endpoint can send a payload that eventually gets deserialized with Pickle. This vulnerability is structurally similar to CVE-2026-7301 and CVE-2026-7304 in that it enables unauthenticated remote code execution via unsafe deserialization of data through pickle.loads(), but differs by occurring in the expert-parallel backup subsystem, rather than the multimodal scheduler or custom logit processor interfaces.
Impact
If exploited, this vulnerability could allow an unauthenticated attacker to achieve remote code execution on the host running SGLang. Deployments that expose the affected interface to untrusted networks are at the highest risk of exploitation.
Solution
Until a patch is available, affected users should consider the following mitigations:
Mitigations
Restrict access to the service interfaces and ensure they are not exposed to untrusted networks.
Implement network segmentation and access controls to prevent unauthorized interaction with the vulnerable endpoints.
Change SGLANG_USE_PICKLE_IPC to “false” within environ.py.
The SGLang maintainers have made strides in addressing pickle deserialization vulnerabilities, and have begun to work to refactor the code base with msgpack to prevent deserialization issues such as CVE-2026-14890, but the SGLANG_USE_PICKLE_IPC defaults to true within the codebase at the time of writing.
Acknowledgements
Thanks to the reporter, edwardav970@gmail.com.
This document was written by Christopher Cullen.
July 15, 2026
Overview
A privilege escalation vulnerability exists in the tdeio64.sys driver due to an unprotected input/output control (IOCTL) dispatch routine that fails to validate the origin and permissions of user-supplied requests. An unprivileged local attacker can abuse exposed IOCTL dispatch routines [RM1.1][MB1.2]to perform arbitrary kernel memory read and write operations, ultimately obtaining NT AUTHORITYSYSTEM privileges and compromising the security of the affected system.
Description
The tdeio64.sys driver distributed by Pegatron Corporation, a Taiwanese electronics manufacturer that produces motherboards and OEM components, is a Windows Driver Model (WDM) driver that provides low-level access to system I/O ports and hardware components. The driver exposes the \.TdeIo device interface and processes privileged IOTL requests without enforcing adequate access control or validating user-supplied memory addresses.
CVE-2026-14961 By sending a crafted DeviceIoControl request, an unprivileged attacker can abuse the driver’s IOCTL dispatcher to perform arbitrary kernel memory reads and writes. This capability can be used to overwrite the current process token with the SYSTEM process token, resulting in privilege escalation to NT AUTHORITYSYSTEM.
CVE-2026-14960 In addition to arbitrary kernel memory access, the driver exposes IOCTLs capable of interacting directly with hardware I/O ports. An attacker who successfully exploits these interfaces may be able to manipulate hardware resources in ways that extend beyond normal operating system protections.
Impact
Successful exploitation provides an attacker with arbitrary kernel read and write capabilities, enabling a complete compromise of the operating system. An attacker can elevate privileges to NT AUTHORITYSYSTEM, bypass or disable endpoint security controls, extract credentials from protected processes such as lsass.exe, install persistent rootkits, manipulate kernel data structures, and issue low-level hardware I/O operations.
Solution
At the time of publication, no vendor-supported fix is available for the Pegatron tdeio64.sys kernel driver vulnerability.
Mitigations
Organizations should disable or remove the vulnerable driver where it is not required, prevent untrusted users from loading or interacting with the driver, and implement solutions such as Windows Defender Application Control (WDAC) or Hypervisor-Protected Code Integrity (HVCI) to block known vulnerable drivers from loading where supported.
Acknowledgements
Thanks to Lucian Alexandru Necula for researching and reporting this vulnerability. This document was written by Michael Bragg.
Contact us today if you'd like to know more
about how we can keep your network working at its best
VistaNet, Inc is a technology consulting and services company, helping enterprises
marry scale with agility to achieve competitive advantage.
