Line Desktop MCP is a project that, while unaffiliated with the official line-bot-mcp-server, allows users to directly operate the LINE Desktop application on Windows or Mac via MCP. `line-desktop-mcp` supports a `--http-mode` Streamable HTTP transport for use with clients such as n8n. In this mode the server binds to `0.0.0.0` and exposes the MCP `/mcp` endpoint without an MCP-layer authentication check. Prior to version 1.1.2, any network client that can reach the port can initialize a session, list tools, and call tools that read LINE Desktop chat history or send LINE messages through the already logged-in desktop application. Version 1.1.2 fixes the issue.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
References
History
Fri, 19 Jun 2026 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Line Desktop MCP is a project that, while unaffiliated with the official line-bot-mcp-server, allows users to directly operate the LINE Desktop application on Windows or Mac via MCP. `line-desktop-mcp` supports a `--http-mode` Streamable HTTP transport for use with clients such as n8n. In this mode the server binds to `0.0.0.0` and exposes the MCP `/mcp` endpoint without an MCP-layer authentication check. Prior to version 1.1.2, any network client that can reach the port can initialize a session, list tools, and call tools that read LINE Desktop chat history or send LINE messages through the already logged-in desktop application. Version 1.1.2 fixes the issue. | |
| Title | Streamable HTTP mode exposes LINE Desktop read/send tools without MCP authentication | |
| Weaknesses | CWE-306 CWE-862 |
|
| References |
| |
| Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-06-19T13:11:08.386Z
Reserved: 2026-05-29T14:35:45.904Z
Link: CVE-2026-49357
Vulnrichment
No data.
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
No data.