CVE-2026-41872_CVE-2026-41872

7.4 / 10

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Description

"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notifications between the affected application and the relevant server.

Basic Information

ID CVE-2026-41872

Source jpcert

Published May 12, 2026 at 05:21

Affected Product

Vendor EPG, Inc.

Product "Kura Sushi Official App" for Android

Version from 2.0.11 to 3.9.10

Affected Versions EPG, Inc. "Kura Sushi Official App" for Android from 2.0.11 to 3.9.10
EPG, Inc. "Kura Sushi Official App" for iOS from 2.0.11 to 3.9.10

CWE Classification

CWE-295

References

{
    "lastseen": "",
    "description": "\"Kura Sushi Official App\" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notifications between the affected application and the relevant server.",
    "published": "2026-05-12T05:21:42.802Z",
    "modified": "2026-05-12T05:21:42.802Z",
    "type": "cve",
    "title": "CVE-2026-41872",
    "source": "jpcert",
    "references": "https://play.google.com/store/apps/details?id=jp.co.kura_corpo&hl=ja\nhttps://apps.apple.com/jp/app/id942355925\nhttps://jvn.jp/en/jp/JVN38632731/",
    "id": "CVE-2026-41872",
    "bulletinFamily": "",
    "cwe": [
        "CWE-295"
    ],
    "cvelist": null,
    "sourceData": "EPG, Inc. \"Kura Sushi Official App\" for Android from 2.0.11 to 3.9.10\nEPG, Inc. \"Kura Sushi Official App\" for iOS from 2.0.11 to 3.9.10",
    "sourceHref": "",
    "cvss": {
        "score": 7.4,
        "severity": "HIGH",
        "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "\"Kura Sushi Official App\" for Android",
    "version": "from 2.0.11 to 3.9.10",
    "vendor": "EPG, Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}