EUVD-2026-38121

capacitor-native-biometric before 12.128.2 contains an authentication bypass vulnerability where the onAuthenticationSucceeded method fails to validate CryptoObject parameters. Attackers can hook the onAuthenticationSucceeded function using dynamic instrumentation to bypass biometric authenticati...

CVE-2026-56294

The CVE-2026-56294 vulnerability affects capacitor-native-biometric (before 12.128.2). The onAuthenticationSucceeded() path fails to validate CryptoObject parameters, enabling an attacker to bypass biometric authentication by hooking the function via dynamic instrumentation. This can allow access...

@authnlabs/authn (>=1.0.10 <=1.0.18), @s-ui/sui-tool-app (>=1.5.0 <=1.27.0) potentially affected by unknown CVE via @capgo/capacitor-native-biometric (>=5.1.1 <=6.0.4)

@capgo/capacitor-native-biometric NPM version =5.1.1, =1.0.10, =1.5.0, =1.27.0 Source cves: unknown CVE Source advisory: OSV:GHSA-VX5F-VMR6-32WF...

Improper Authentication

Overview @capgo/capacitor-native-biometric is a This plugin gives access to the native biometric apis for android and iOS Affected versions of this package are vulnerable to Improper Authentication via the onAuthenticationSucceeded function. An attacker can gain unauthorized access by hooking and...

cap-go/capacitor-native-biometric Authentication Bypass

There is a potential issue with the cap-go/capacitor-native-biometric library. --- Summary The cap-go/capacitor-native-biometric library was found to be subject to an authentication bypass as the current implementation of the onAuthenticationSucceeded does not appear to handle a...