Published:2026/07/13  Last Updated:2026/07/13

JVNVU#94039788
Denial-of-service (DoS) vulnerability in the in-app browser of LINE client for iOS

Overview

LINE client for iOS provided by LY Corporation contains a vulnerability in the in-app browser due to insufficient safeguards when handling arbitrary URL schemes, which may lead to denial-of-service (DoS) condition.

Products Affected

  • LINE client for iOS prior to 26.3.0

Description

LINE client for iOS provided by LY Corporation contains a vulnerability in the in-app browser due to insufficient safeguards when handling arbitrary URL schemes, which may lead to denial-of-service (DoS) condition (CWE-400, CVE-2026-3861).

Impact

Visiting a specially crafted web page may trigger repeated dialog pop-ups, potentially causing an iOS device to become temporarily inoperable.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.

Vendor Status

Vendor Link
LY Corporation CVE-2026-3861

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

LY Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia