Parallels

Parallels, known for virtualization and remote access software, has a high-severity vulnerability (CVSS 7.8) that requires local access and valid user credentials to exploit, but grants attackers complete control over confidentiality, integrity, and availability once activated. The attack does not require user interaction, making it a significant risk for systems where multiple users have local access or where credential compromise is possible. Security teams should monitor for suspicious privilege escalation attempts and lateral movement activity on Parallels-based systems, particularly after the vendor's June 25, 2026 patch deadline passes.