Description
An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable.
Published: 2026-07-04
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Jul 2026 19:30:00 +0000

Type Values Removed Values Added
Title Parsec Elevated Privilege Vulnerability via AppData Manipulation

Tue, 07 Jul 2026 11:45:00 +0000

Type Values Removed Values Added
Title Parsec Elevation of Privilege via AppData Manipulation

Mon, 06 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 09:30:00 +0000

Type Values Removed Values Added
Title Parsec Elevation of Privilege via AppData Manipulation

Mon, 06 Jul 2026 00:45:00 +0000

Type Values Removed Values Added
Title Privileged API Misuse in Unity Parsec Enabling SYSTEM Account Elevation

Sun, 05 Jul 2026 20:30:00 +0000

Type Values Removed Values Added
Title Privileged API Misuse in Unity Parsec Enabling SYSTEM Account Elevation

Sun, 05 Jul 2026 00:30:00 +0000

Type Values Removed Values Added
Title Parsec Windows Elevation of Privilege via Incorrect Use of Privileged APIs

Sat, 04 Jul 2026 08:45:00 +0000

Type Values Removed Values Added
Title Parsec Windows Elevation of Privilege via Incorrect Use of Privileged APIs

Sat, 04 Jul 2026 01:00:00 +0000

Type Values Removed Values Added
Description An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable.
First Time appeared Unity
Unity parsec
Weaknesses CWE-648
CPEs cpe:2.3:a:unity:parsec:*:*:*:*:*:*:*:*
Vendors & Products Unity
Unity parsec
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-07-06T15:35:01.009Z

Reserved: 2026-06-14T04:15:58.932Z

Link: CVE-2026-54424

cve-icon Vulnrichment

Updated: 2026-07-06T15:34:54.283Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-08T10:45:03Z

Weaknesses