Impact
The vulnerability exists in line-desktop-mcp, a tool that lets users control the LINE Desktop application on Windows or Mac through an MCP interface. In Streamable HTTP mode, the server binds to 0.0.0.0 and exposes its /mcp endpoint without performing any MCP-layer authentication or authorization checks. As a result, any network client that can reach the port can initialise a session, list the available tools and invoke those that read chat history or send messages through the already logged-in desktop application. An attacker can therefore read private messages and send arbitrary messages on behalf of the logged-in user, compromising confidentiality and enabling potential impersonation. The weakness is rooted in missing authentication (CWE-306) and missing authorization (CWE-862).
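The two gaps described above (binding to every interface and serving /mcp with no MCP-layer authentication) shown beside a hardened variant, as an added illustration that is not code from line-desktop-mcp or from its 1.1.2 fix; the port number, the bearer-token scheme and the handler and function names are assumptions made for the example.

```python
import hmac
import json
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer

# Weak configuration matching the advisory: all interfaces, no token.
WEAK_CONFIG = {"host": "0.0.0.0", "token": None}
# Hardened configuration: loopback only, random token generated at startup.
HARDENED_CONFIG = {"host": "127.0.0.1", "token": secrets.token_urlsafe(32)}
MCP_PORT = 8765  # placeholder port; the advisory does not name the real one

def config_findings(config):
    """Return the weaknesses present in a server configuration."""
    findings = []
    if config["host"] in ("0.0.0.0", "::", ""):
        findings.append("binds to all interfaces")
    if not config["token"]:
        findings.append("no MCP-layer authentication (CWE-306)")
    return findings

def authorize(headers, expected_token):
    """Accept only 'Authorization: Bearer <token>'; compare in constant time."""
    scheme, _, presented = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not presented:
        return False
    return hmac.compare_digest(presented.encode(), expected_token.encode())

class McpHandler(BaseHTTPRequestHandler):
    token = HARDENED_CONFIG["token"]

    def do_POST(self):
        if self.path != "/mcp":
            self.send_error(404)
            return
        if not authorize(self.headers, self.token):
            self.send_error(401)  # rejected before any session or tool listing
            return
        length = int(self.headers.get("Content-Length", 0))
        body = json.loads(self.rfile.read(length) or b"{}")
        # Placeholder reply; a real server dispatches the JSON-RPC request here.
        reply = json.dumps({"jsonrpc": "2.0", "id": body.get("id"), "result": {}})
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(reply.encode())

if __name__ == "__main__":
    print("token:", HARDENED_CONFIG["token"])
    HTTPServer((HARDENED_CONFIG["host"], MCP_PORT), McpHandler).serve_forever()
```

Running `config_findings` over a deployment's settings flags both weaknesses named in the advisory; `authorize` is the check the handler applies before any session is initialised.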
Affected Systems
Affected installations are those running the line-desktop-mcp project before version 1.1.2, which is available for Windows and Mac. The flaw is present in all builds that expose the HTTP mode without restricting access; the fix is implemented in version 1.1.2 and later.
Risk and Exploitability
The CVSS score of 8.8 classifies the vulnerability as high severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be remote network access: any client that can reach the HTTP port can exploit the unauthenticated endpoint, initialise sessions, and interact with the desktop application. No complex prerequisites or special conditions are specified in the description, indicating that exploitation can be performed with a simple HTTP client.
OpenCVE Enrichment