JVNVU#94039788
Denial-of-service (DoS) vulnerability in the in-app browser of LINE client for iOS
Overview
LINE client for iOS provided by LY Corporation contains a vulnerability in the in-app browser due to insufficient safeguards when handling arbitrary URL schemes, which may lead to denial-of-service (DoS) condition.
Products Affected
- LINE client for iOS prior to 26.3.0
Description
LINE client for iOS provided by LY Corporation contains a vulnerability in the in-app browser due to insufficient safeguards when handling arbitrary URL schemes, which may lead to denial-of-service (DoS) condition (CWE-400, CVE-2026-3861).
Impact
Visiting a specially crafted web page may trigger repeated dialog pop-ups, potentially causing an iOS device to become temporarily inoperable.
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Link |
| LY Corporation | CVE-2026-3861 |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
LY Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.