CVE-2026-54424
HighCVSS 8.4Exploitation Probability (EPSS)
Low risk16th percentile — higher than 16% of all known CVEs
Summary
An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable.
Risk Assessment
An attacker can gain full control over the Windows system by executing code in the SYSTEM account context, leading to host compromise and access to sensitive data.
Recommendation
Immediately update Parsec for Windows to version 150-104a or later. Restrict application access to trusted users only.
Original NVD description (English source)
An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable.

