capacitor-native-biometric – Authentication Bypass via Unvalidated CryptoObject in onAuthenticationSucceeded

4.3 / 10

MEDIUM

CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Description

capacitor-native-biometric before 12.128.2 contains an authentication bypass vulnerability where the onAuthenticationSucceeded() method fails to validate CryptoObject parameters. Attackers can hook the onAuthenticationSucceeded() function using dynamic instrumentation to bypass biometric authentication without valid credentials.

Basic Information

ID CVE-2026-56294

Source VulnCheck

Published Jun 20, 2026 at 15:24

Affected Product

Vendor capacitor-native-biometric

Product capacitor-native-biometric

Affected Versions capacitor-native-biometric capacitor-native-biometric 0

CWE Classification

CWE-287

References

{
    "lastseen": "",
    "description": "capacitor-native-biometric before 12.128.2 contains an authentication bypass vulnerability where the onAuthenticationSucceeded() method fails to validate CryptoObject parameters. Attackers can hook the onAuthenticationSucceeded() function using dynamic instrumentation to bypass biometric authentication without valid credentials.",
    "published": "2026-06-20T15:24:45.431Z",
    "modified": "2026-06-20T15:24:45.431Z",
    "type": "cve",
    "title": "capacitor-native-biometric - Authentication Bypass via Unvalidated CryptoObject in onAuthenticationSucceeded",
    "source": "VulnCheck",
    "references": "https://github.com/Cap-go/capgo/security/advisories/GHSA-vx5f-vmr6-32wf\nhttps://www.vulncheck.com/advisories/capacitor-native-biometric-authentication-bypass-via-unvalidated-cryptoobject-in-onauthenticationsucceeded",
    "id": "CVE-2026-56294",
    "bulletinFamily": "",
    "cwe": [
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "capacitor-native-biometric capacitor-native-biometric 0",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "capacitor-native-biometric",
    "version": "0",
    "vendor": "capacitor-native-biometric",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

capacitor-native-biometric – Authentication Bypass via Unvalidated CryptoObject in onAuthenticationSucceeded_CVE-2026-56294