CVE-2026-544241
An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a.
A user can generate a situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable.
- Public exploit or PoC is available
- CVSS base score ≥ 7.0
Exploitation evidence
1 of 7 sourcesCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPublic Exploits & PoCs
1ATT&CK techniques
1Techniques this CVE enables. Pills with a solid outline are high confidence - named directly in ATT&CK or Nuclei, or human-curated by CTID; the rest are inferred from the weakness type using MITRE's CVE Mapping Methodology and the CWE → CAPEC chain. Broad, generic-weakness guesses are filtered out. A small N× marks a technique that N independent sources agree on.
▤ Build a SIEM detection for these techniquesCAPEC attack patterns
2Attack patterns this CVE enables - the bridge from weakness to ATT&CK technique.