PatchSiren

CVE-2026-54424 Unity CVE debrief

CVE-2026-54424 is an Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts, potentially leading to Elevation of Privilege. The issue affects Parsec through version 2026-05-04.0 and is patched in Parsec for Windows version 150-104a. An attacker can exploit this vulnerability by manipulating the AppData environment variable when there is an instance of parsecd.exe running as NT AUTHORITY SYSTEM. This vulnerability has a CVSS score of 8.4 and is classified as HIGH severity.

Vendor: Unity
Product: Parsec
CVSS: HIGH 8.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-07-04
Original CVE updated: 2026-07-04
Advisory published: 2026-07-04
Advisory updated: 2026-07-04

Who should care

Security teams and administrators responsible for Windows systems using Unity Parsec should be aware of this vulnerability. Given the HIGH severity and potential for Elevation of Privilege, immediate attention is recommended to ensure systems are updated to the patched version. Additionally, defenders should monitor for unusual activity related to parsecd.exe and the AppData environment variable.

Technical summary

The vulnerability exists due to an incorrect use of privileged APIs in Unity Parsec on Windows hosts. Specifically, an attacker can manipulate the AppData environment variable when parsecd.exe is running as NT AUTHORITY SYSTEM, potentially leading to Elevation of Privilege. The issue was addressed in Parsec for Windows version 150-104a. The CVSS vector for this vulnerability is CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H: a local attack vector with low attack complexity, no privileges required and no user interaction, with high impact on confidentiality, integrity and availability.

Defensive priority

High priority should be given to updating affected systems to Parsec for Windows version 150-104a or later. Defenders should also enhance monitoring for suspicious activity related to parsecd.exe and environment variable manipulation.

Recommended defensive actions

  • Update Parsec for Windows to version 150-104a or later immediately.
  • Monitor for unusual instances of parsecd.exe running as NT AUTHORITY SYSTEM.
  • Restrict modifications to the AppData environment variable where possible.
  • Enhance logging and monitoring for potential exploitation attempts.
  • Review and adjust access controls for parsecd.exe and related resources.
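
One way to carry out the parsecd.exe monitoring step on a single host, as an added example that is not taken from the vendor advisory or the Parsec project: it lists every running parsecd.exe with its owning account and flags those owned by LocalSystem. It assumes an elevated PowerShell session; the file version is reported for manual comparison only, because the page does not say how "150-104a" maps to the executable's version resource.

```powershell
# Added example: inventory running parsecd.exe instances and who owns them.
# Run elevated, otherwise owner and path of SYSTEM processes may be unreadable.
$LocalSystemSid = 'S-1-5-18'   # well-known SID for NT AUTHORITY\SYSTEM (locale independent)

$procs = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'parsecd.exe'"

$report = foreach ($p in $procs) {
    $owner    = Invoke-CimMethod -InputObject $p -MethodName GetOwner
    $ownerSid = Invoke-CimMethod -InputObject $p -MethodName GetOwnerSid

    $account = if ($owner.ReturnValue -eq 0) {
        "$($owner.Domain)\$($owner.User)"
    } else {
        'unknown (query failed)'
    }

    # Reported for manual comparison against the fixed release; no automatic
    # "vulnerable / patched" verdict is attempted here.
    $fileVersion = $null
    if ($p.ExecutablePath -and (Test-Path -LiteralPath $p.ExecutablePath)) {
        $fileVersion = (Get-Item -LiteralPath $p.ExecutablePath).VersionInfo.FileVersion
    }

    [pscustomobject]@{
        ProcessId    = $p.ProcessId
        ParentPid    = $p.ParentProcessId
        Account      = $account
        RunsAsSystem = ($ownerSid.ReturnValue -eq 0 -and $ownerSid.Sid -eq $LocalSystemSid)
        Path         = $p.ExecutablePath
        FileVersion  = $fileVersion
        Started      = $p.CreationDate
    }
}

if (-not $report) {
    Write-Output 'No running parsecd.exe found on this host.'
} else {
    # SYSTEM-owned instances first: these are the ones the advisory is about.
    $report | Sort-Object RunsAsSystem -Descending | Format-Table -AutoSize
}
```

Hosts that report RunsAsSystem as True are the ones to prioritise for the update to Parsec for Windows version 150-104a or later.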

Evidence notes

The CVE record and NVD detail provide official information on the vulnerability. Additional sources include a GitHub repository related to the CVE, the Parsec website, and a support article addressing the issue. These sources collectively confirm the vulnerability's existence, its potential impact, and the availability of a patch.

This article is AI-assisted and based on the supplied source corpus.