Skip to main content

capacitor-native-biometric EUVDEUVD-2026-38121

| CVE-2026-56294 MEDIUM
Improper Authentication (CWE-287)
2026-06-20 VulnCheck GHSA-58pv-hg46-37r9
4.3
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
4.3 MEDIUM
CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.8 MEDIUM

Physical vector and high complexity required (Frida hooking on rooted device); no prior app privileges needed; no availability impact; integrity impact limited to auth state bypass.

3.1 AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
4.0 AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Physical
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Source Code Evidence Fetched
Jun 22, 2026 - 06:20 vuln.today
Analysis Generated
Jun 22, 2026 - 06:20 vuln.today
Patch available
Jun 20, 2026 - 17:16 EUVD

DescriptionCVE.org

capacitor-native-biometric before 12.128.2 contains an authentication bypass vulnerability where the onAuthenticationSucceeded() method fails to validate CryptoObject parameters. Attackers can hook the onAuthenticationSucceeded() function using dynamic instrumentation to bypass biometric authentication without valid credentials.

AnalysisAI

Authentication bypass in cap-go/capacitor-native-biometric allows an attacker with physical device access to circumvent biometric authentication by hooking the onAuthenticationSucceeded() callback via dynamic instrumentation. The root cause is that AuthActivity.java's implementation of BiometricPrompt.AuthenticationCallback never retrieves or validates the CryptoObject from the AuthenticationResult, making the entire cryptographic binding between biometric gesture and protected key material moot. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain physical access to target device
Delivery
Root device or use debuggable app build
Exploit
Deploy Frida instrumentation framework
Execution
Inject hook into onAuthenticationSucceeded()
Persist
Trigger callback synthetically bypassing biometric prompt
Impact
Access in-app protected data or functions

Vulnerability AssessmentAI

Exploitation Physical access to the target Android device is required. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 4.3 (AV:P/AC:H) correctly reflects that exploitation is constrained to physical device access and requires deploying a dynamic instrumentation toolchain (high attack complexity). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker obtains physical access to a target Android device running a Capacitor application that uses capacitor-native-biometric for authentication. Using a rooted device and a dynamic instrumentation framework such as Frida, the attacker injects a script that hooks the onAuthenticationSucceeded() method in AuthActivity and invokes it programmatically without presenting a valid biometric. …
Remediation Update @capgo/capacitor-native-biometric to the patched version via npm: run 'npm install @capgo/capacitor-native-biometric@latest' and verify the installed version is at or above 8.3.6 (per npm evidence) or 12.128.2 (per EUVD/CVE description). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-38121 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy