[Japanese]

JVNDB-2026-000004

The installers for multiple PIONEER products may insecurely load Dynamic Link Libraries

Overview

The installers for multiple products provided by PIONEER CORPORATION contain the following vulnerability.
  • Uncontrolled search path element (CWE-427) - CVE-2026-21427
Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 7.8 (High) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
Affected Products

The driver software for the following products is affected by this vulnerability:

Pioneer Corporation
  • Stellanova Lite APS-S201JGL
  • Stellanova Lite APS-S201JGR
  • Stellanova Lite APS-S201JR
  • Stellanova Lite APS-S201JS
  • Stelllanova APS-S301 Series
  • Stelllanova Limited APS-S202J-LM
  • USB DAC amp APS-DA101JGL
  • USB DAC amp APS-DA101JGR
  • USB DAC amp APS-DA101JR
  • USB DAC amp APS-DA101JS

Impact

Arbitrary code may be executed with the privileges of the running installer.
Solution

[Contact the developer]
Contact the developer for mitigations. For more information, see [Vendor Status] section below.
Vendor Information

Pioneer Corporation
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2026-21427
References

  1. JVN : JVN#17956874
  2. JVN : JVNTA#91240916
Revision History

  • [2026/01/08]
      Web page was published

Date Public2026/01/08
Date First Published2026/01/08
Date Last Updated2026/01/08