CRITICALCVE-2026-41872Published 2026-05-12Modified 2026-05-12CNA jpcert

CVE-2026-41872: "Kura Sushi Official App" provided by EPG, Inc

"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notifications between the affected application and the relevant server.

CVSS v4.0: 9.1
Severity: CRITICAL
Fixed in: —
Affected Products: 2

Affected packages

EPG, Inc. / "Kura Sushi Official App" for Android
from 2.0.11 to 3.9.10
EPG, Inc. / "Kura Sushi Official App" for iOS
from 2.0.11 to 3.9.10

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

References

play.google.com
apps.apple.com
jvn.jp

Metrics