HIGH
dtwang
CVE published 2026-06-19
CVE-2026-49357
CVE-2026-49357 is a high-severity vulnerability in the Line Desktop MCP project, which enables users to operate the LINE Desktop application on Windows or Mac via MCP. The vulnerability arises from the `--http-mode` Streamable HTTP transport, which exposes the MCP `/mcp` endpoint without authentication. This allows any network client that can reach the port to initialize a session, list tools, and call to [truncated]