Ghostwire

CVE-2026-41872: "Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle...

HIGH CVSS 7.4 Exploit Available

Published: May 12, 2026 | Last Modified: May 12, 2026

Description

"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notifications between the affected application and the relevant server.

Ghostwire Analysis — What This Means Practically

High CVSS score indicates significant risk — exploitation could lead to substantial data exposure or system compromise.
Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (2 articles)

References

apps.apple.com/jp/app/id942355925
jvn.jp/en/jp/JVN38632731/
play.google.com/store/apps/details?id=jp.co.kura_corpo&hl=ja
www.tenable.com/cve/CVE-2026-41872
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-41872
nvd.nist.gov/vuln/detail/CVE-2026-41872