CVE-2026-21427

Summary

The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running installer.

Affected Software

VendorProductVersion RangeStatus
PIONEER CORPORATIONUSB DAC Amplifier APS-DA101JSall versionsaffected
PIONEER CORPORATIONUSB DAC Amplifier APS-DA101JRall versionsaffected
PIONEER CORPORATIONUSB DAC Amplifier APS-DA101JGLall versionsaffected
PIONEER CORPORATIONUSB DAC Amplifier APS-DA101JGRall versionsaffected
PIONEER CORPORATIONStellanova Lite APS-S201JSall versionsaffected
PIONEER CORPORATIONStellanova Lite APS-S201JRall versionsaffected
PIONEER CORPORATIONStellanova Lite APS-S201JGLall versionsaffected
PIONEER CORPORATIONStellanova Lite APS-S201JGRall versionsaffected
PIONEER CORPORATIONStellanova Limited APS-S202J-LMall versionsaffected
PIONEER CORPORATIONStellanova APS-S301 seriesall versionsaffected

Weaknesses

  • CWE-427: Uncontrolled Search Path Element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References