HomeCVE Intelligence › CVE-2026-49357
CVSS 7.5 HIGH Vulnerability

CVE-2026-49357: Streamable HTTP mode exposes LINE Desktop read/send tools without MCP authentication

Streamable HTTP mode exposes LINE Desktop read/send tools without MCP authentication Summary line-desktop-mcp supports a --http-mode Streamable HTTP transport for use with clients such as n8n. In this mode the server bi…

7.5CVSS Score
HIGHSeverity
NOCISA KEV
VulnerabilityImpact Type

📋 Vulnerability Details

CVE IDCVE-2026-49357
Vendornpm
Affected Productline-desktop-mcp
Vulnerability TypeVulnerability
CVSS Score7.5 (HIGH)
Actively Exploited❌ No known exploitation
Patch StatusSee Vendor Advisory →
Reported ByCYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

Streamable HTTP mode exposes LINE Desktop read/send tools without MCP authentication

Summary line-desktop-mcp supports a --http-mode Streamable HTTP transport for use with clients such as n8n. In this mode the server binds to 0.0.0.0 and exposes the MCP /mcp endpoint without an MCP-layer authentication check. Any network client that can reach the port can initialize a session, list tools, and call tools that read LINE Desktop chat history or send LINE messages through the already logged-in desktop application. This is High for deployments where the HTTP port is reachable beyond the local host, because the server acts with the user authority of the logged-in LINE Desktop session. It is lower if the listener is strictly firewalled to trusted local clients.

Affected version Re

🎯 Known Indicators of Compromise

{"type":"ipv4","value":"0.0.0.0","confidence_score":0.88,"first_seen":"2026-06-26","source_count":1}

📚 Advisory References

⚡ DETECTION RULES AVAILABLE

Get CVE-2026-49357 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries
🛡️ Get Detection Pack → 🔌 Access via API →

🔗 Related Intelligence