CVE-2021-27278

Name of the Vulnerable Software and Affected Versions Parallels Desktop version 16.1.1-49141

Description This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this issue. The specific flaw exists within the Toolgate component, resulting from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this issue to escalate privileges and execute code in the context of the current user on the host system.

Recommendations For Parallels Desktop version 16.1.1-49141, consider restricting access to the Toolgate component to minimize the risk of exploitation until a patch is available. As a temporary workaround, ensure proper validation of user-supplied paths prior to using them in file operations. At the moment, there is no information about a newer version that contains a fix for this issue.