CVE-2026-3861
Denial of Service via Dialog Flood in LINE iOS Browser
Publication date: 2026-04-16
Last updated on: 2026-04-30
Assigner: LINE Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linecorp | line_client | to 26.3.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-451 | The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the LINE client for iOS versions prior to 26.3.0, specifically in its in-app browser. When a user opens a specially crafted web page, it can repeatedly trigger operating system level dialogs. This repeated triggering can cause the iOS device to become temporarily inoperable.
How can this vulnerability impact me? :
This vulnerability can impact you by causing your iOS device to become temporarily unusable. Since the crafted web page can repeatedly trigger OS-level dialogs, it may disrupt normal device operation and prevent you from using your device until the issue resolves.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the LINE client for iOS to version 26.3.0 or later, as versions prior to 26.3.0 contain the vulnerability.
Avoid opening untrusted or crafted web pages within the in-app browser until the update is applied.