{ "canonical_id": "adminer--CVE-2026-25892", "system_id": "adminer", "display_name": "Adminer", "category": "platforms", "advisory_mode": "core", "title": "CVE-2026-25892", "summary": "Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from any source. An attacker can POST version[] parameter which PHP converts to an array. On next page load, openssl_verify() receives this array instead of string and throws TypeError, returning HTTP 500 to all users. Upgrade to Adminer 5.4.2.", "published_at": "2026-02-09T22:16:04.023", "updated_at": "2026-02-20T20:24:32.147", "severity": "high", "cvss_score": 7.5, "exploit_status": "unknown", "source_confidence": "official", "official_source_url": "https://github.com/vrana/adminer/commit/21d3a3150388677b18647d68aec93b7850e457d3", "secondary_source_urls": [ "https://github.com/vrana/adminer/releases/tag/v5.4.2", "https://github.com/vrana/adminer/security/advisories/GHSA-q4f2-39gr-45jh" ], "aliases": [ "CVE-2026-25892" ], "cve_ids": [ "CVE-2026-25892" ], "ghsa_ids": [], "osv_ids": [], "affected_versions": [], "fixed_versions": [], "package_name": null, "render_markdown": false, "case_path": null, "secure_code_topics": [ "xss-output-encoding", "authz-server-side-recheck" ], "status": "triage", "triage_reasons": [ "missing affected/fixed version details" ], "verification_status": "triage-manual", "verification_mode": "synthetic", "last_verified_at": null, "last_run_id": null, "evidence_bundle": null, "historical_status": null, "latest_status": null, "browser_evidence": { "required": false, "present": false, "refs": [] }, "repro_profile_id": "xss-generic", "artifact_mode": "synthetic", "blocked_reason": null, "metadata": { "source_names": [ "NVD Adminer" ], "source_kinds": [ "nvd-search" ], "candidate_count": 1 } }