An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable.
Metrics
Affected Vendors & Products
References
History
Tue, 07 Jul 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Parsec Elevated Privilege Vulnerability via AppData Manipulation |
Tue, 07 Jul 2026 11:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Parsec Elevation of Privilege via AppData Manipulation |
Mon, 06 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 06 Jul 2026 09:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Parsec Elevation of Privilege via AppData Manipulation |
Mon, 06 Jul 2026 00:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Privileged API Misuse in Unity Parsec Enabling SYSTEM Account Elevation |
Sun, 05 Jul 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Privileged API Misuse in Unity Parsec Enabling SYSTEM Account Elevation |
Sun, 05 Jul 2026 00:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Parsec Windows Elevation of Privilege via Incorrect Use of Privileged APIs |
Sat, 04 Jul 2026 08:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Parsec Windows Elevation of Privilege via Incorrect Use of Privileged APIs |
Sat, 04 Jul 2026 01:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable. | |
| First Time appeared |
Unity
Unity parsec |
|
| Weaknesses | CWE-648 | |
| CPEs | cpe:2.3:a:unity:parsec:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Unity
Unity parsec |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: mitre
Published: 2026-07-04T00:45:24.208Z
Updated: 2026-07-06T15:35:01.009Z
Reserved: 2026-06-14T04:15:58.932Z
Link: CVE-2026-54424
Updated: 2026-07-06T15:34:54.283Z
No data.
No data.