{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3861", "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb", "state": "PUBLISHED", "assignerShortName": "LY-Corporation", "dateReserved": "2026-03-10T05:02:39.735Z", "datePublished": "2026-04-16T05:54:05.194Z", "dateUpdated": "2026-04-16T05:54:05.194Z"}, "containers": {"cna": {"affected": [{"vendor": "LINE Corporation", "product": "LINE client for iOS", "versions": [{"version": "-", "status": "affected", "versionType": "custom", "lessThan": "26.3.0"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "na"}]}], "descriptions": [{"lang": "en", "value": "LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs, potentially causing the iOS device to become temporarily inoperable."}], "references": [{"url": "https://hackerone.com/reports/3422905"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "temporalScore": 6.5, "temporalSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NETWORK", "modifiedAttackComplexity": "LOW", "modifiedPrivilegesRequired": "NONE", "modifiedUserInteraction": "REQUIRED", "modifiedScope": "UNCHANGED", "modifiedConfidentialityImpact": "NONE", "modifiedIntegrityImpact": "NONE", "modifiedAvailabilityImpact": "HIGH", "environmentalScore": 6.5, "environmentalSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb", "shortName": "LY-Corporation", "dateUpdated": "2026-04-16T05:54:05.194Z"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs, potentially causing the iOS device to become temporarily inoperable."}], "id": "CVE-2026-3861", "lastModified": "2026-04-16T07:16:30.090", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "dl_cve@linecorp.com", "type": "Secondary"}]}, "published": "2026-04-16T07:16:30.090", "references": [{"source": "dl_cve@linecorp.com", "url": "https://hackerone.com/reports/3422905"}], "sourceIdentifier": "dl_cve@linecorp.com", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,26.3.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "LINE client for iOS", "source": "cna", "vendor": "LINE Corporation"}, "product": "line_client_for_ios", "vendor": "line_corporation"}], "analysis": {"en": {"generated_at": "2026-04-16T08:53:39.625775+00:00", "value": {"mitigation_remediation": ["Upgrade the LINE iOS app to version 26.3.0 or later. ", "Avoid opening unknown or suspicious links in the LINE in\u2011app browser until the app is updated. ", "If an update is not immediately available, consider disabling the in\u2011app browser feature in the app settings or using an alternative messaging client."], "summary": {"action": "Update App", "impact": "Denial of Service causing temporary device inoperability"}, "threat_synthesis": {"affected_systems": "The issue affects LINE client for iOS versions earlier than 26.3.0. Users running those versions are at risk if they encounter or click on links that load malicious content in the in\u2011app browser.", "description_and_impact": "Opening a specially crafted page in the LINE iOS in-app browser repeatedly triggers operating\u2011system dialogs, making the device temporarily unusable. The flaw does not disclose data or execute code but causes a denial of service through repeated UI prompts, classified as an infinite\u2011loop type vulnerability (CWE\u2011835).", "risk_and_exploitability": "The CVSS score of 6.5 indicates moderate severity, and no EPSS data is available, so the likelihood of exploitation is unknown. The vulnerability is not listed in the CISA KEV catalog, suggesting no widespread exploitation at this time. Exploitation requires user action \u2013 the victim must open the crafted page \u2013 making it a user\u2011interaction\u2011dependent denial of service."}}}}, "created": "2026-04-16T09:00:05.290036+00:00", "title": "iOS Device Denial of Service via Repeated OS Dialogs in LINE In\u2011App Browser", "updated": "2026-04-16T09:11:40.758562+00:00", "vendors": ["line_corporation", "line_corporation$PRODUCT$line_client_for_ios"], "weaknesses": ["CWE-835"]}