[Japanese]

JVNDB-2026-023598

Denial-of-service (DoS) vulnerability in the in-app browser of LINE client for iOS

Overview

LINE client for iOS provided by LY Corporation contains a vulnerability in the in-app browser due to insufficient safeguards when handling arbitrary URL schemes, which may lead to denial-of-service (DoS) condition (CWE-400, CVE-2026-3861).

LY Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
CVSS Severity (What is CVSS?)

Affected Products


LY Corporation
  • LINE client for iOS prior to 26.3.0

Impact

Visiting a specially crafted web page may trigger repeated dialog pop-ups, potentially causing an iOS device to become temporarily inoperable.
Solution

[Update the software]
Update the software to the latest version according to the information provided by the developer.
Vendor Information

LY Corporation
CWE (What is CWE?)

  1. Uncontrolled Resource Consumption ('Resource Exhaustion')(CWE-400) [Other]
CVE (What is CVE?)

  1. CVE-2026-3861
References

  1. JVN : JVNVU#94039788
Revision History

  • [2026/07/14]
      Web page was published