Compliance Impact

The vulnerability allows unauthenticated network clients to access and read LINE Desktop chat history or send messages through the logged-in application. This exposure of private chat data could lead to unauthorized disclosure of personal or sensitive information.

Such unauthorized access to personal communication data may violate data protection regulations like GDPR or HIPAA, which require strict controls over access to personal and sensitive information to ensure confidentiality and prevent data breaches.

Therefore, if exploited, this vulnerability could result in non-compliance with these standards due to inadequate access controls and potential data leakage.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-49357 is a security vulnerability in the line-desktop-mcp project versions 1.1.1 and earlier. When the server is run in Streamable HTTP mode using the --http-mode flag, it binds to all network interfaces (0.0.0.0) and exposes the MCP endpoint (/mcp) without requiring any authentication or authorization checks.

This means that any network client with access to the exposed port can initialize a session, list available tools, and invoke functions that can read LINE Desktop chat history or send LINE messages through the already logged-in LINE Desktop application.

The vulnerability arises because the server does not verify the identity or permissions of clients before allowing these actions, potentially exposing private conversations or enabling unauthorized message sending.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have serious impacts if exploited. An attacker with network access to the vulnerable server can:

• Read private LINE Desktop chat history without authorization.
• Send LINE messages as the logged-in user without their consent.

Such unauthorized access and message sending can lead to privacy breaches, impersonation, and potential misuse of the victim's LINE account.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking if the line-desktop-mcp server is running in Streamable HTTP mode with the --http-mode flag and if it is binding to all network interfaces (0.0.0.0) without authentication.

You can scan your network for open ports where the MCP endpoint (/mcp) is exposed and test if it allows unauthenticated access.

• Use a network scanning tool like nmap to detect open HTTP ports on hosts running line-desktop-mcp: nmap -p <port> --open <target-ip>
• Use curl or a similar HTTP client to check if the /mcp endpoint is accessible without authentication: curl http://<target-ip>:<port>/mcp
• Attempt to list tools or initialize a session by sending HTTP requests to the /mcp endpoint to verify if authentication is enforced.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability immediately, upgrade line-desktop-mcp to version 1.1.2 or later, which includes fixes requiring Bearer Token authentication for HTTP mode when binding to external interfaces.

If upgrading is not immediately possible, avoid running the server with the --http-mode flag bound to 0.0.0.0 or any non-loopback address.

Configure the server to bind only to the loopback interface (127.0.0.1) to restrict access to local clients.

Disable the send_message_auto feature by default to prevent unauthorized automatic sending of messages.

Implement network-level controls such as firewall rules to restrict access to the HTTP port only to trusted hosts.

Useful 0 Not Useful 0