CVE-2026-41872

Summary

"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notifications between the affected application and the relevant server.

Affected Software

VendorProductVersion RangeStatus
EPG, Inc.“Kura Sushi Official App” for Androidfrom 2.0.11 to 3.9.10affected
EPG, Inc.“Kura Sushi Official App” for iOSfrom 2.0.11 to 3.9.10affected

Weaknesses

  • CWE-295: Improper certificate validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References