CVE-2026-54424
Parsec Elevation of Privilege via Privileged API Misuse
Description
An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable.
INFO
Published Date :
July 4, 2026, 12:45 a.m.
Last Modified :
July 4, 2026, 12:45 a.m.
Remotely Exploit :
No
Source :
mitre
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | 8254265b-2729-46b6-b9e3-3dfca2d5bfca |
Solution
- Update Parsec for Windows to version 150-104a or later.
- Ensure Parsec runs with least privilege.
- Validate environment variable configurations.
Public PoC/Exploit Available at Github
CVE-2026-54424 has a 1 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Exploiting Parsec for Windows to gain SYSTEM privileges
C++ C
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-54424 vulnerability anywhere in the article.