Skip to main content

Kura Sushi Official App For Android

1 CVEs product

Monthly

CVE-2026-41872 CRITICAL Act Now

Man-in-the-middle attacks against Kura Sushi Official App for Android and iOS allow complete interception and modification of push notification traffic due to improper SSL/TLS certificate validation. Attackers on the network path between the mobile app and EPG's notification server can read confidential data (VC:H) and inject arbitrary notifications or commands (VI:H) without authentication or user interaction. The vulnerability affects both Android and iOS versions of the official ordering app from Japanese restaurant chain Kura Sushi. EPSS and KEV data not available; exploitation requires network position but no special credentials or app configuration.

Information Disclosure Kura Sushi Official App For Android Kura Sushi Official App For Ios
NVD VulDB
CVSS 4.0
9.1
EPSS
0.0%
EPSS 0% CVSS 9.1
CRITICAL Act Now

Man-in-the-middle attacks against Kura Sushi Official App for Android and iOS allow complete interception and modification of push notification traffic due to improper SSL/TLS certificate validation. Attackers on the network path between the mobile app and EPG's notification server can read confidential data (VC:H) and inject arbitrary notifications or commands (VI:H) without authentication or user interaction. The vulnerability affects both Android and iOS versions of the official ordering app from Japanese restaurant chain Kura Sushi. EPSS and KEV data not available; exploitation requires network position but no special credentials or app configuration.

Information Disclosure Kura Sushi Official App For Android Kura Sushi Official App For Ios
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy