🔐 CVE Alert

CVE-2026-54424

HIGH 8.4
CVSS Score
8.4
EPSS Score
0.0%
EPSS Percentile
0th

An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable.

CWE CWE-648
Vendor unity
Product parsec
Published Jul 4, 2026
Stay Ahead of the Next One

Get instant alerts for unity parsec

Be the first to know when new high vulnerabilities affecting unity parsec are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

Unity / Parsec
0 ≤ v2026-05-04.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗
parsec.app: https://parsec.app/ support.parsec.app: https://support.parsec.app/hc/en-us/articles/50612943726612-CVE-2026-54424 tomadimitrie.dev: https://www.tomadimitrie.dev/blog/CVE-2026-54424 github.com: https://github.com/tomadimitrie/CVE-2026-54424