Skip to main content

line-desktop-mcp CVE-2026-49357

| EUVDEUVD-2026-38016 HIGH
Missing Authentication for Critical Function (CWE-306)
2026-06-19 GitHub_M GHSA-4hf8-5mjm-rfgq
8.8
CVSS 4.0 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
8.8 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.2 HIGH

Network-reachable /mcp with no auth (AV:N/AC:L/PR:N/UI:N); full chat-history disclosure gives C:H, ability to send messages as user gives I:L; no availability impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch available
Jun 19, 2026 - 15:32 EUVD
Source Code Evidence Fetched
Jun 19, 2026 - 14:17 vuln.today
Analysis Generated
Jun 19, 2026 - 14:17 vuln.today
CVE Published
Jun 19, 2026 - 13:11 cve.org
HIGH 8.8

DescriptionCVE.org

Line Desktop MCP is a project that, while unaffiliated with the official line-bot-mcp-server, allows users to directly operate the LINE Desktop application on Windows or Mac via MCP. line-desktop-mcp supports a --http-mode Streamable HTTP transport for use with clients such as n8n. In this mode the server binds to 0.0.0.0 and exposes the MCP /mcp endpoint without an MCP-layer authentication check. Prior to version 1.1.2, any network client that can reach the port can initialize a session, list tools, and call tools that read LINE Desktop chat history or send LINE messages through the already logged-in desktop application. Version 1.1.2 fixes the issue.

AnalysisAI

Missing authentication in line-desktop-mcp prior to 1.1.2 lets any network-reachable client invoke MCP tools that read LINE chat history and send messages through the logged-in LINE Desktop application. When started with --http-mode, the server binds 0.0.0.0 and exposes /mcp without an MCP-layer auth check, enabling unauthenticated remote abuse. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Scan network for exposed /mcp port
Delivery
Open MCP session over HTTP without auth
Exploit
List available LINE tools
Execution
Invoke read-chat-history tool
Impact
Exfiltrate conversations and send messages as victim

Vulnerability AssessmentAI

Exploitation Exploitation requires that the victim runs line-desktop-mcp older than 1.1.2 in its non-default --http-mode transport with the listening interface reachable from the attacker (the README explicitly showed --host 0.0.0.0), and that LINE Desktop is installed and already logged in on the host so the MCP tools can drive it. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are consistent and point to a real, high-priority issue rather than score inflation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker on the same LAN, VPN, or internet-exposed network scans for the default port 3000 on machines running line-desktop-mcp --http-mode --host 0.0.0.0, opens an MCP session against /mcp without credentials, lists available tools, and then calls them to exfiltrate the victim's LINE chat history and send attacker-controlled messages (e.g. phishing or fraud) from the logged-in account. …
Remediation Vendor-released patch: upgrade to line-desktop-mcp 1.1.2 or later (e.g. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Upgrade line-desktop-mcp to version 1.1.2 or later; if immediate upgrade is not possible, disable --http-mode. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-49357 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy