{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21427", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2025-12-25T00:23:40.578Z", "datePublished": "2026-01-08T04:12:21.781Z", "dateUpdated": "2026-01-22T07:03:11.927Z"}, "containers": {"cna": {"affected": [{"vendor": "PIONEER CORPORATION", "product": "USB DAC Amplifier APS-DA101JS", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "PIONEER CORPORATION", "product": "USB DAC Amplifier APS-DA101JR", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "PIONEER CORPORATION", "product": "USB DAC Amplifier APS-DA101JGL", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "PIONEER CORPORATION", "product": "USB DAC Amplifier APS-DA101JGR", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "PIONEER CORPORATION", "product": "Stellanova Lite APS-S201JS", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "PIONEER CORPORATION", "product": "Stellanova Lite APS-S201JR", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "PIONEER CORPORATION", "product": "Stellanova Lite APS-S201JGL", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "PIONEER CORPORATION", "product": "Stellanova Lite APS-S201JGR", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "PIONEER CORPORATION", "product": "Stellanova Limited APS-S202J-LM", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "PIONEER CORPORATION", "product": "Stellanova APS-S301 series", "versions": [{"version": "all versions", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running installer."}], "problemTypes": [{"descriptions": [{"description": "Uncontrolled Search Path Element", "lang": "en-US", "cweId": "CWE-427", "type": "CWE"}]}], "references": [{"url": "https://jpn.pioneer/ja/support/software/stellanova/dac_driver/"}, {"url": "https://jvn.jp/en/jp/JVN17956874/"}], "tags": ["unsupported-when-assigned"], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.5, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-01-22T07:03:11.927Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-08T15:52:49.936381Z", "id": "CVE-2026-21427", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-08T15:52:56.950Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21427", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-08T15:52:49.936381Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-08T15:52:53.638Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 8.5, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "PIONEER CORPORATION", "product": "USB DAC Amplifier APS-DA101JS", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "PIONEER CORPORATION", "product": "USB DAC Amplifier APS-DA101JR", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "PIONEER CORPORATION", "product": "USB DAC Amplifier APS-DA101JGL", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "PIONEER CORPORATION", "product": "USB DAC Amplifier APS-DA101JGR", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "PIONEER CORPORATION", "product": "Stellanova Lite APS-S201JS", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "PIONEER CORPORATION", "product": "Stellanova Lite APS-S201JR", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "PIONEER CORPORATION", "product": "Stellanova Lite APS-S201JGL", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "PIONEER CORPORATION", "product": "Stellanova Lite APS-S201JGR", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "PIONEER CORPORATION", "product": "Stellanova Limited APS-S202J-LM", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "PIONEER CORPORATION", "product": "Stellanova APS-S301 series", "versions": [{"status": "affected", "version": "all versions"}]}], "references": [{"url": "https://jpn.pioneer/ja/support/software/stellanova/dac_driver/"}, {"url": "https://jvn.jp/en/jp/JVN17956874/"}], "descriptions": [{"lang": "en", "value": "The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running installer."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-427", "description": "Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-01-22T07:03:11.927Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21427", "state": "PUBLISHED", "dateUpdated": "2026-01-22T07:03:11.927Z", "dateReserved": "2025-12-25T00:23:40.578Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2026-01-08T04:12:21.781Z", "assignerShortName": "jpcert"}, "dataVersion": "5.2"}

{"cveTags": [{"sourceIdentifier": "vultures@jpcert.or.jp", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running installer."}, {"lang": "es", "value": "Los instaladores para m\u00faltiples productos proporcionados por PIONEER CORPORATION contienen un problema con la ruta de b\u00fasqueda de DLL, lo que puede llevar a la carga insegura de Bibliotecas de Enlace Din\u00e1mico. Como resultado, c\u00f3digo arbitrario puede ser ejecutado con los privilegios del instalador en ejecuci\u00f3n."}], "id": "CVE-2026-21427", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2026-01-08T04:15:56.690", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jpn.pioneer/ja/support/software/stellanova/dac_driver/"}, {"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/jp/JVN17956874/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T07:47:28.658766+00:00", "value": {"mitigation_remediation": ["Download and install the latest PIONEER installers that address the DLL search path vulnerability from the official support page and replace any older installer binaries.", "Run the installer from a secured, non\u2011trusted directory and avoid executing it in a folder that might contain malicious DLLs; consider temporarily clearing or limiting the system DLL search paths during installation.", "Restrict system environment variables that influence DLL loading (e.g., PATH, SystemRoot) to known safe directories while the installer is running to reduce the risk of DLL hijacking."], "summary": {"action": "Patch Now", "impact": "Arbitrary code execution via installer DLL search path flaw"}, "threat_synthesis": {"affected_systems": "The affected products are all Pioneer Corporation audio devices, including the Stellanova APS\u2011S301 series, Stellanova Limited APS\u2011S202J\u2011LM, various Stellanova Lite models (APS\u2011S201JGL, APS\u2011S201JGR, APS\u2011S201JR, APS\u2011S201JS), and USB DAC Amplifier models (APS\u2011DA101JGL, APS\u2011DA101JGR, APS\u2011DA101JR, APS\u2011DA101JS). No specific firmware or software version details are provided in the current advisory.", "description_and_impact": "Installers supplied by PIONEER CORPORATION contain a DLL search path issue that allows insecure loading of Dynamic Link Libraries. This flaw can cause the installer to execute an attacker\u2011supplied DLL with the same privileges as the installer process, delivering arbitrary code execution and potentially elevating the attacker\u2019s privileges on the target system. The vulnerability is categorized as CWE\u2011427, a path traversal and DLL hijacking weakness.", "risk_and_exploitability": "The vulnerability scores a high CVSS of 8.5, indicating substantial impact if exploited. The EPSS score is below 1%, suggesting that exploitation attempts are currently uncommon, and the issue is not listed in CISA\u2019s KEV catalog. Nevertheless, since the attack requires only the ability to run the vulnerable installer, an individual with local access or the ability to supply malicious DLLs can trigger the flaw. The mitigation is most effective by replacing the installer with a patched version or preventing the installer from loading arbitrary DLLs through environment controls."}}}}, "created": "2026-01-08T09:47:42.666348+00:00", "title": "Insecure DLL Search Path in Pioneer Installers Allows Arbitrary Code Execution", "updated": "2026-04-18T08:00:05.783613+00:00", "vendors": ["pioneer", "pioneer$PRODUCT$stellanova_lite_aps-s201jgl", "pioneer$PRODUCT$stellanova_lite_aps-s201jgr", "pioneer$PRODUCT$stellanova_lite_aps-s201jr", "pioneer$PRODUCT$stellanova_lite_aps-s201js", "pioneer$PRODUCT$stelllanova_aps-s301_series", "pioneer$PRODUCT$stelllanova_limited_aps-s202j-lm", "pioneer$PRODUCT$usb_dac_amplifier_aps-da101jgl", "pioneer$PRODUCT$usb_dac_amplifier_aps-da101jgr", "pioneer$PRODUCT$usb_dac_amplifier_aps-da101jr", "pioneer$PRODUCT$usb_dac_amplifier_aps-da101js"]}