Description
LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs, potentially causing the iOS device to become temporarily inoperable.
Published: 2026-04-16
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service causing temporary device inoperability
Action: Update App
AI Analysis

Impact

Opening a specially crafted page in the LINE iOS in‑app browser repeatedly triggers operating‑system dialogs, making the device temporarily unusable. The flaw does not disclose data or execute code but causes a denial of service through repeated UI prompts, classified as an infinite‑loop type vulnerability (CWE‑451).

Affected Systems

The issue affects LINE client for iOS versions earlier than 26.3.0. Users running those versions are at risk if they encounter or click on links that load malicious content in the in‑app browser.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity, and an EPSS score of < 1% indicates a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog, suggesting no widespread exploitation at this time. Exploitation requires user action – the victim must open the crafted page – making it a user‑interaction‑dependent denial of service.

Generated by OpenCVE AI on April 17, 2026 at 06:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the LINE iOS app to version 26.3.0 or later.
  • Avoid opening unknown or suspicious links in the LINE in‑app browser until the app is updated.
  • If an update is not immediately available, consider disabling the in‑app browser feature in the app settings or using an alternative messaging client.

Generated by OpenCVE AI on April 17, 2026 at 06:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://hackerone.com/reports/3422905 cve-icon cve-icon
History

Fri, 17 Apr 2026 05:15:00 +0000

Type Values Removed Values Added
Title iOS Device Denial of Service via Repeated OS Dialogs in LINE In‑App Browser
Weaknesses CWE-835

Thu, 16 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-451
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 16 Apr 2026 09:30:00 +0000

Type Values Removed Values Added
First Time appeared Line Corporation
Line Corporation line Client For Ios
Vendors & Products Line Corporation
Line Corporation line Client For Ios

Thu, 16 Apr 2026 09:15:00 +0000

Type Values Removed Values Added
Title iOS Device Denial of Service via Repeated OS Dialogs in LINE In‑App Browser
Weaknesses CWE-835

Thu, 16 Apr 2026 06:30:00 +0000

Type Values Removed Values Added
Description LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs, potentially causing the iOS device to become temporarily inoperable.
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Line Corporation Line Client For Ios
cve-icon MITRE

Status: PUBLISHED

Assigner: LY-Corporation

Published:

Updated: 2026-04-16T12:31:11.953Z

Reserved: 2026-03-10T05:02:39.735Z

Link: CVE-2026-3861

cve-icon Vulnrichment

Updated: 2026-04-16T12:16:07.683Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-16T07:16:30.090

Modified: 2026-04-17T15:38:09.243

Link: CVE-2026-3861

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T06:30:11Z

Weaknesses