Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-41872
PUBLISHED
More InfoOfficial Page
Assigner-jpcert
Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce
View Known Exploited Vulnerability (KEV) details
Published At-12 May, 2026 | 05:21
Updated At-12 May, 2026 | 13:17
Rejected At-
▼CVE Numbering Authority (CNA)

"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notifications between the affected application and the relevant server.

Affected Products
Vendor
EPG, Inc.
Product
"Kura Sushi Official App" for Android
Versions
Affected
  • from 2.0.11 to 3.9.10
Vendor
EPG, Inc.
Product
"Kura Sushi Official App" for iOS
Versions
Affected
  • from 2.0.11 to 3.9.10
Problem Types
TypeCWE IDDescription
CWECWE-295Improper certificate validation
Type: CWE
CWE ID: CWE-295
Description: Improper certificate validation
Metrics
VersionBase scoreBase severityVector
3.07.4HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
4.09.1CRITICAL
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Version: 3.0
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Version: 4.0
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://play.google.com/store/apps/details?id=jp.co.kura_corpo&hl=ja
N/A
https://apps.apple.com/jp/app/id942355925
N/A
https://jvn.jp/en/jp/JVN38632731/
N/A
Hyperlink: https://play.google.com/store/apps/details?id=jp.co.kura_corpo&hl=ja
Resource: N/A
Hyperlink: https://apps.apple.com/jp/app/id942355925
Resource: N/A
Hyperlink: https://jvn.jp/en/jp/JVN38632731/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found