CVE-2026-41872 HIGH

CVE-2026-41872

Vendor Epg, Inc.
Product "Kura Sushi Official App" for Android
Weakness CWE-295
Published May 12, 2026
Last update May 12, 2026

CVSS base score

7.4/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notifications between the affected application and the relevant server.

Key dates

02Disclosure timeline

May 12, 2026 CVE published
May 12, 2026 Record updated