There’s a remote code execution vulnerability in live555’s RSTP server library, which TouchDesigner seems to use live555 (there’s a DLL for it in the install directory), so it may be wise to update that once there’s a fix.
Thanks for the update on this, we’ll look into it.
The next build we post, 2018.26780 or later, will have this vulnerability fixed. Thanks for your report.