PT-2026-51153 · Capacitor Native Biometric · @Capgo/Capacitor-Native-Biometric

Itz-D0Dgy-2Nd

Published

2026-06-20

Updated

2026-06-20

CVE-2026-56294

CVSS v3.1

4.8

Medium

Vector

AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions capacitor-native-biometric versions prior to 12.128.2

Description An authentication bypass exists because the onAuthenticationSucceeded() function fails to validate CryptoObject parameters. This allows attackers to use dynamic instrumentation to hook the onAuthenticationSucceeded() function and bypass biometric authentication without providing valid credentials.

Recommendations Update to version 12.128.2 or later. As a temporary workaround, restrict the use of the onAuthenticationSucceeded() function until the update is applied.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2026-56294

Affected Products

@Capgo/Capacitor-Native-Biometric

PT-2026-51153 · Capacitor Native Biometric · @Capgo/Capacitor-Native-Biometric

CVE-2026-56294

Weakness Enumeration

Related Identifiers

Affected Products

References · 5