An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable.
Metrics
Affected Vendors & Products
References
History
Sat, 04 Jul 2026 01:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable. | |
| First Time appeared |
Unity
Unity parsec |
|
| Weaknesses | CWE-648 | |
| CPEs | cpe:2.3:a:unity:parsec:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Unity
Unity parsec |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-07-04T00:45:24.208Z
Reserved: 2026-06-14T04:15:58.932Z
Link: CVE-2026-54424
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-04T02:45:15Z