Improper Certificate Validation Vulnerability in Kura Sushi Official App by EPG, Inc.
CVE-2026-41872

9.1CRITICAL

Key Information:

Vendor

Epg, Inc.

Status
"kura Sushi Official App" For Android
"kura Sushi Official App" For iOS
Vendor
CVE Published:
12 May 2026

What is CVE-2026-41872?

The Kura Sushi Official App, developed by EPG, Inc., is exposed to a vulnerability that allows improper certificate validation. This issue can lead to man-in-the-middle attacks, which may enable an attacker to intercept or modify communications between the app and its server. Consequently, sensitive user data transmitted via push notifications could be compromised, highlighting the importance of secure certificate handling within mobile applications.

Affected Version(s)

"Kura Sushi Official App" for Android from 2.0.11 to 3.9.10

"Kura Sushi Official App" for iOS from 2.0.11 to 3.9.10

References

https://play.google.com/store/apps/details?id=jp.co.kura_...
https://apps.apple.com/jp/app/id942355925
https://jvn.jp/en/jp/JVN38632731/

CVSS V4

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

CVSS V3.0

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.