Description
LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially causing the iOS device to become temporarily inoperable.
Published: 2026-04-16
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Opening a crafted web page in the LINE iOS in‑app browser repeatedly triggers OS‑level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially causing the device to become temporarily inoperable. The flaw does not disclose data or execute code but causes a denial of service through repeated UI prompts, classified as an infinite‑loop type vulnerability (CWE‑451).

Affected Systems

The issue affects LINE client for iOS versions earlier than 26.3.0. Users running those versions are at risk if they encounter or click on links that load malicious content in the in‑app browser.

Risk and Exploitability

The CVSS score of 7.1 indicates high severity, and an EPSS score of < 1% indicates a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog, suggesting no widespread exploitation at this time. Exploitation requires user action – the victim must open the crafted page – making it a user‑interaction‑dependent denial of service.

Generated by OpenCVE AI on April 30, 2026 at 14:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the LINE iOS app to version 26.3.0 or later.
  • Avoid opening unknown or suspicious links in the LINE in‑app browser until the app is updated.
  • If an update is not immediately available, consider disabling the in‑app browser feature in the app settings or using an alternative messaging client.

Generated by OpenCVE AI on April 30, 2026 at 14:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://hackerone.com/reports/3422905 cve-icon cve-icon
History

Thu, 30 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Repeated OS Dialog Trigger Causing Temporary iOS Device Inoperability via LINE In‑App Browser

Thu, 30 Apr 2026 11:15:00 +0000

Type Values Removed Values Added
Description LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs, potentially causing the iOS device to become temporarily inoperable. LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially causing the iOS device to become temporarily inoperable.
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L'}

Fri, 17 Apr 2026 05:15:00 +0000

Type Values Removed Values Added
Title iOS Device Denial of Service via Repeated OS Dialogs in LINE In‑App Browser
Weaknesses CWE-835

Thu, 16 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-451
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 16 Apr 2026 09:30:00 +0000

Type Values Removed Values Added
First Time appeared Line Corporation
Line Corporation line Client For Ios
Vendors & Products Line Corporation
Line Corporation line Client For Ios

Thu, 16 Apr 2026 09:15:00 +0000

Type Values Removed Values Added
Title iOS Device Denial of Service via Repeated OS Dialogs in LINE In‑App Browser
Weaknesses CWE-835

Thu, 16 Apr 2026 06:30:00 +0000

Type Values Removed Values Added
Description LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs, potentially causing the iOS device to become temporarily inoperable.
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Line Corporation Line Client For Ios
cve-icon MITRE

Status: PUBLISHED

Assigner: LY-Corporation

Published:

Updated: 2026-04-30T10:34:35.633Z

Reserved: 2026-03-10T05:02:39.735Z

Link: CVE-2026-3861

cve-icon Vulnrichment

Updated: 2026-04-16T12:16:07.683Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-16T07:16:30.090

Modified: 2026-04-30T11:16:21.213

Link: CVE-2026-3861

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T14:15:40Z

Weaknesses