CVE Catalog

CVE-2026-56294

MediumCVSS 4.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile — higher than 6% of all known CVEs

Summary

Versions of capacitor-native-biometric before 12.128.2 contain an authentication bypass vulnerability where the onAuthenticationSucceeded() method fails to validate CryptoObject parameters. Attackers can hook the onAuthenticationSucceeded() function using dynamic instrumentation to bypass biometric authentication without valid credentials.

Risk Assessment

This vulnerability could lead to unauthorized access to systems, posing a serious threat to user data security.

Recommendation

It is recommended to upgrade to version 12.128.2 or later to eliminate this vulnerability and secure the system against potential attacks.

Original NVD description (English source)

capacitor-native-biometric before 12.128.2 contains an authentication bypass vulnerability where the onAuthenticationSucceeded() method fails to validate CryptoObject parameters. Attackers can hook the onAuthenticationSucceeded() function using dynamic instrumentation to bypass biometric authentication without valid credentials.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS