CVE-2026-3861

Summary

LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially causing the iOS device to become temporarily inoperable.

Affected Software

VendorProductVersion RangeStatus
LY CorporationLINE client for iOS26.3.0 < *unaffected

Weaknesses

  • CWE-400

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References