Skip to main content

Line Desktop Mcp

1 CVEs product

Monthly

CVE-2026-49357 npm HIGH PATCH GHSA This Week

Missing authentication in line-desktop-mcp prior to 1.1.2 lets any network-reachable client invoke MCP tools that read LINE chat history and send messages through the logged-in LINE Desktop application. When started with --http-mode, the server binds 0.0.0.0 and exposes /mcp without an MCP-layer auth check, enabling unauthenticated remote abuse. No public exploit identified at time of analysis, but the fix (1.1.2) and commit are public, making reconstruction trivial.

Authentication Bypass Microsoft Line Desktop Mcp
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.3%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Missing authentication in line-desktop-mcp prior to 1.1.2 lets any network-reachable client invoke MCP tools that read LINE chat history and send messages through the logged-in LINE Desktop application. When started with --http-mode, the server binds 0.0.0.0 and exposes /mcp without an MCP-layer auth check, enabling unauthenticated remote abuse. No public exploit identified at time of analysis, but the fix (1.1.2) and commit are public, making reconstruction trivial.

Authentication Bypass Microsoft Line Desktop Mcp
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy