CVE-2026-54424
High
Published: 04 July 2026
Published
04 July 2026
Modified
04 July 2026
KEV Added
—
Patch
—
CVSS Score v3.1
8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
N/A
Summary
CVE-2026-54424 is a high-severity Incorrect Use of Privileged APIs (CWE-648) vulnerability. Its CVSS base score is 8.4 (High).
Operationally, it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-41655
Vulnerability details
An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a…
more
situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable.
- CWE(s)
Related Threats
CVEs Like This One
CVE-2026-20122Shared CWE-648
CVE-2026-41329Shared CWE-648
CVE-2022-20956Shared CWE-648
CVE-2022-24071Shared CWE-648
CVE-2023-29507Shared CWE-648
CVE-2025-7344Shared CWE-648
CVE-2026-35625Shared CWE-648
CVE-2022-20965Shared CWE-648
CVE-2026-41225Shared CWE-648
CVE-2024-32008Shared CWE-648
Affected Assets
—
Windows
inferred from references and description; NVD did not file a CPE for this CVE
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.