Description
An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Sat, 04 Jul 2026 01:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable. | |
| First Time appeared |
Unity
Unity parsec |
|
| Weaknesses | CWE-648 | |
| CPEs | cpe:2.3:a:unity:parsec:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Unity
Unity parsec |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-07-04T00:45:24.208Z
Reserved: 2026-06-14T04:15:58.932Z
Link: CVE-2026-54424
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses