Line Desktop Mcp
Monthly
Missing authentication in line-desktop-mcp prior to 1.1.2 lets any network-reachable client invoke MCP tools that read LINE chat history and send messages through the logged-in LINE Desktop application. When started with --http-mode, the server binds 0.0.0.0 and exposes /mcp without an MCP-layer auth check, enabling unauthenticated remote abuse. No public exploit identified at time of analysis, but the fix (1.1.2) and commit are public, making reconstruction trivial.
Missing authentication in line-desktop-mcp prior to 1.1.2 lets any network-reachable client invoke MCP tools that read LINE chat history and send messages through the logged-in LINE Desktop application. When started with --http-mode, the server binds 0.0.0.0 and exposes /mcp without an MCP-layer auth check, enabling unauthenticated remote abuse. No public exploit identified at time of analysis, but the fix (1.1.2) and commit are public, making reconstruction trivial.