CVE-2026-56294
MediumCVSS 4.8Exploitation Probability (EPSS)
Low risk6th percentile — higher than 6% of all known CVEs
Summary
Versions of capacitor-native-biometric before 12.128.2 contain an authentication bypass vulnerability where the onAuthenticationSucceeded() method fails to validate CryptoObject parameters. Attackers can hook the onAuthenticationSucceeded() function using dynamic instrumentation to bypass biometric authentication without valid credentials.
Risk Assessment
This vulnerability could lead to unauthorized access to systems, posing a serious threat to user data security.
Recommendation
It is recommended to upgrade to version 12.128.2 or later to eliminate this vulnerability and secure the system against potential attacks.
Original NVD description (English source)
capacitor-native-biometric before 12.128.2 contains an authentication bypass vulnerability where the onAuthenticationSucceeded() method fails to validate CryptoObject parameters. Attackers can hook the onAuthenticationSucceeded() function using dynamic instrumentation to bypass biometric authentication without valid credentials.

