Cyber Resilience

CVE-2026-54424

High

Published: 04 July 2026

Published
04 July 2026
Modified
04 July 2026
KEV Added
Patch
CVSS Score v3.1 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score N/A
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-54424 is a high-severity Incorrect Use of Privileged APIs (CWE-648) vulnerability. Its CVSS base score is 8.4 (High).

Operationally, it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a…

more

situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable.

CWE(s)

Related Threats

CVEs Like This One

CVE-2026-20122Shared CWE-648
CVE-2026-41329Shared CWE-648
CVE-2022-20956Shared CWE-648
CVE-2022-24071Shared CWE-648
CVE-2023-29507Shared CWE-648
CVE-2025-7344Shared CWE-648
CVE-2026-35625Shared CWE-648
CVE-2022-20965Shared CWE-648
CVE-2026-41225Shared CWE-648
CVE-2024-32008Shared CWE-648

Affected Assets

Windows
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References