Vulnerability Report

CVE-2026-25892

Title: Adminer Adminer Input Validation Error

Input Validation Error

Proof Of Concept

PoC Available for CVE-2026-25892

CWE Category CWE-20
Published Date Feb 09, 2026
Modified Date Feb 20, 2026
Exploit Status Available
Score 7.5 CVSS v3.1
Exploit Probability (EPSS)
4.46%

Vulnerability Summary

CVE-2026-25892: Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from any source. An attacker can POST version[] parameter which PHP converts to an array. On next page load, openssl_verify() receives this array instead of string and throws TypeError, returning HTTP 500 to all users. Upgrade to Adminer 5.4.2.

Impacted Vendors

A
adminer 1

Reference Links

https://github.com/vrana/adminer/commit/21d3a3150388677b18647d68aec93b7850e457d3 https://github.com/vrana/adminer/releases/tag/v5.4.2 https://github.com/vrana/adminer/security/advisories/GHSA-q4f2-39gr-45jh
CVSS v3.1
Source Entity [email protected]
Severity HIGH
7.5
Attack Vector
NETWORK
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2026-25892 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/dzmind2312/CVE_2026_25892
View Code
MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

Attack Vector Matrix

Access Vector NETWORK
Complexity LOW
Privileges N/A
Interaction NONE
CVSS Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Stack

No specific products linked.