Authentication Bypass in Capacitor-Native-Biometric by Cap-Go
CVE-2026-56294

4.3 MEDIUM

What is CVE-2026-56294?

The capacitor-native-biometric product by Cap-Go prior to version 12.128.2 contains a vulnerability that compromises its biometric authentication. The flaw occurs when the onAuthenticationSucceeded() method fails to properly validate the CryptoObject parameters. As a result, an attacker can use dynamic instrumentation to manipulate this function and bypass biometric authentication without presenting valid credentials. This undermines the protection that biometric authentication is meant to provide and puts sensitive information at significant risk.
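The kind of CryptoObject check the description refers to, as an added example that is not the plugin's code or its actual fix: the success callback releases the credential only if the cipher returned in the result can decrypt it. It assumes the androidx.biometric API and an Android build environment; the class, listener and key alias names are hypothetical.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import androidx.biometric.BiometricPrompt;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.GCMParameterSpec;

// Added example: hypothetical names, not taken from capacitor-native-biometric.
final class BoundCredentialCallback extends BiometricPrompt.AuthenticationCallback {
    static final String KEY_ALIAS = "example_biometric_key"; // constructed alias
    interface Listener { void onUnlocked(String credential); void onRejected(String reason); }
    private final byte[] ciphertext; // credential encrypted under KEY_ALIAS at enrollment
    private final Listener listener;
    BoundCredentialCallback(byte[] ct, Listener l) { ciphertext = ct; listener = l; }

    // Keystore key that cannot be used until a biometric match authorizes the operation.
    static void createKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
        kg.init(new KeyGenParameterSpec.Builder(KEY_ALIAS,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
            .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
            .setUserAuthenticationRequired(true)
            .setInvalidatedByBiometricEnrollment(true)
            .build());
        kg.generateKey();
    }

    // CryptoObject to pass to BiometricPrompt.authenticate(); iv is the one stored with the ciphertext.
    static BiometricPrompt.CryptoObject cryptoFor(byte[] iv) throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, ks.getKey(KEY_ALIAS, null), new GCMParameterSpec(128, iv));
        return new BiometricPrompt.CryptoObject(c);
    }

    // Success is decided by the decryption, not by the fact that this callback ran.
    @Override
    public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) {
        BiometricPrompt.CryptoObject co = result.getCryptoObject();
        if (co == null || co.getCipher() == null) { listener.onRejected("no CryptoObject"); return; }
        try {
            listener.onUnlocked(new String(co.getCipher().doFinal(ciphertext), StandardCharsets.UTF_8));
        } catch (Exception e) { listener.onRejected("decrypt failed"); } // key not authorized or data tampered
    }
}
```

Because the credential exists only as ciphertext under a key the Keystore gates on a real biometric match, invoking or hooking the callback without that match yields no plaintext.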

Affected Version(s)

capacitor-native-biometric 0 < 12.128.2

capacitor-native-biometric 12.128.2

References

CVSS V4

Score: 4.3
Severity: MEDIUM
Confidentiality: High
Integrity: Low
Availability: None
Attack Vector: Physical
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

itz-d0dgy-2nd