Search criteria
1 vulnerability by PIONEER CORPORATION
CVE-2026-21427 (GCVE-0-2026-21427)
Vulnerability from cvelistv5 – Published: 2026-01-08 04:12 – Updated: 2026-01-22 07:03 Unsupported When Assigned
VLAI
Summary
The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running installer.
Severity
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
2 references
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| PIONEER CORPORATION | USB DAC Amplifier APS-DA101JS |
Affected:
all versions
|
|
| PIONEER CORPORATION | USB DAC Amplifier APS-DA101JR |
Affected:
all versions
|
|
| PIONEER CORPORATION | USB DAC Amplifier APS-DA101JGL |
Affected:
all versions
|
|
| PIONEER CORPORATION | USB DAC Amplifier APS-DA101JGR |
Affected:
all versions
|
|
| PIONEER CORPORATION | Stellanova Lite APS-S201JS |
Affected:
all versions
|
|
| PIONEER CORPORATION | Stellanova Lite APS-S201JR |
Affected:
all versions
|
|
| PIONEER CORPORATION | Stellanova Lite APS-S201JGL |
Affected:
all versions
|
|
| PIONEER CORPORATION | Stellanova Lite APS-S201JGR |
Affected:
all versions
|
|
| PIONEER CORPORATION | Stellanova Limited APS-S202J-LM |
Affected:
all versions
|
|
| PIONEER CORPORATION | Stellanova APS-S301 series |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21427",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-08T15:52:49.936381Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T15:52:56.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "USB DAC Amplifier APS-DA101JS",
"vendor": "PIONEER CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "USB DAC Amplifier APS-DA101JR",
"vendor": "PIONEER CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "USB DAC Amplifier APS-DA101JGL",
"vendor": "PIONEER CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "USB DAC Amplifier APS-DA101JGR",
"vendor": "PIONEER CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "Stellanova Lite APS-S201JS",
"vendor": "PIONEER CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "Stellanova Lite APS-S201JR",
"vendor": "PIONEER CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "Stellanova Lite APS-S201JGL",
"vendor": "PIONEER CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "Stellanova Lite APS-S201JGR",
"vendor": "PIONEER CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "Stellanova Limited APS-S202J-LM",
"vendor": "PIONEER CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "Stellanova APS-S301 series",
"vendor": "PIONEER CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running installer."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T07:03:11.927Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jpn.pioneer/ja/support/software/stellanova/dac_driver/"
},
{
"url": "https://jvn.jp/en/jp/JVN17956874/"
}
],
"tags": [
"unsupported-when-assigned"
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-21427",
"datePublished": "2026-01-08T04:12:21.781Z",
"dateReserved": "2025-12-25T00:23:40.578Z",
"dateUpdated": "2026-01-22T07:03:11.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}