CVSS 3.1: 8.4 HIGH
CVE-2026-54424
Parsec Elevation of Privilege via Privileged API Misuse
Description

An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable.

INFO

Published Date: July 4, 2026, 12:45 a.m.

Last Modified: July 4, 2026, 12:45 a.m.

Remotely Exploitable: No

Source: mitre

Affected Products

The following products are affected by the CVE-2026-54424 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID | Vendor | Product
1 | Unity | parsec

CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and display CVSS scores from various sources for each CVE.

Version | Severity | Source
CVSS 3.1 | HIGH | 8254265b-2729-46b6-b9e3-3dfca2d5bfca
CVSS 3.1 | HIGH | [email protected]

Solution
Update Parsec to the latest version to fix privilege escalation flaws.
  • Update Parsec for Windows to version 150-104a or later.
  • Ensure Parsec runs with least privilege.
  • Validate environment variable configurations.
Public PoC/Exploit Available on GitHub

CVE-2026-54424 has 1 public PoC/exploit available on GitHub.

We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs of concept that have been published on GitHub (sorted by most recently updated).

Exploiting Parsec for Windows to gain SYSTEM privileges

Languages: C++, C

Updated: 1 day, 7 hours ago
0 stars, 0 forks, 0 watchers
Created: May 8, 2026, 6:21 p.m. This repo has been linked to 1 CVE.

Results are limited to the first 15 repositories due to potential performance issues.

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.