An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable.
History

Tue, 07 Jul 2026 19:30:00 +0000

Type Values Removed Values Added
Title Parsec Elevated Privilege Vulnerability via AppData Manipulation

Tue, 07 Jul 2026 11:45:00 +0000

Type Values Removed Values Added
Title Parsec Elevation of Privilege via AppData Manipulation

Mon, 06 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 09:30:00 +0000

Type Values Removed Values Added
Title Parsec Elevation of Privilege via AppData Manipulation

Mon, 06 Jul 2026 00:45:00 +0000

Type Values Removed Values Added
Title Privileged API Misuse in Unity Parsec Enabling SYSTEM Account Elevation

Sun, 05 Jul 2026 20:30:00 +0000

Type Values Removed Values Added
Title Privileged API Misuse in Unity Parsec Enabling SYSTEM Account Elevation

Sun, 05 Jul 2026 00:30:00 +0000

Type Values Removed Values Added
Title Parsec Windows Elevation of Privilege via Incorrect Use of Privileged APIs

Sat, 04 Jul 2026 08:45:00 +0000

Type Values Removed Values Added
Title Parsec Windows Elevation of Privilege via Incorrect Use of Privileged APIs

Sat, 04 Jul 2026 01:00:00 +0000

Type Values Removed Values Added
Description An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable.
First Time appeared Unity
Unity parsec
Weaknesses CWE-648
CPEs cpe:2.3:a:unity:parsec:*:*:*:*:*:*:*:*
Vendors & Products Unity
Unity parsec
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-07-04T00:45:24.208Z

Updated: 2026-07-06T15:35:01.009Z

Reserved: 2026-06-14T04:15:58.932Z

Link: CVE-2026-54424

cve-icon Vulnrichment

Updated: 2026-07-06T15:34:54.283Z

cve-icon NVD

No data.

cve-icon Redhat

No data.