CVE Catalog

CVE-2026-54424

HighCVSS 8.4
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable.

Risk Assessment

An attacker can gain full control over the Windows system by executing code in the SYSTEM account context, leading to host compromise and access to sensitive data.

Recommendation

Immediately update Parsec for Windows to version 150-104a or later. Restrict application access to trusted users only.

Original NVD description (English source)

An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS