## https://sploitus.com/exploit?id=0163FCEC-FFFB-51A4-A2C9-2BCFD02EB8AF
# CVE-2026-54424
Exploiting Parsec for Windows versions < 150-104a to gain:
* Remote code execution as SYSTEM
* Arbitrary file read as SYSTEM
* NTLM hash capture for SYSTEM
The exploits stem from the same vulnerability, but the actual paths diverge.
Technical writeup: https://www.tomadimitrie.dev/blog/CVE-2026-54424
Advisory: https://support.parsec.app/hc/en-us/articles/50612943726612-CVE-2026-54424
NIST: https://nvd.nist.gov/vuln/detail/CVE-2026-54424
Note: The RCE exploit is pretty flaky, but the others work perfectly 100% of the time. The RCE exploits a very tight race condition and tries to extend the race window using big files. So, on modern and performant systems the files might need to be really big. For testing purposes try a VM with 1 core and 1 GB RAM.