{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25892", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-06T21:08:39.130Z", "datePublished": "2026-02-09T21:26:45.224Z", "dateUpdated": "2026-02-10T15:57:46.865Z"}, "containers": {"cna": {"title": "Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/vrana/adminer/security/advisories/GHSA-q4f2-39gr-45jh", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vrana/adminer/security/advisories/GHSA-q4f2-39gr-45jh"}, {"name": "https://github.com/vrana/adminer/commit/21d3a3150388677b18647d68aec93b7850e457d3", "tags": ["x_refsource_MISC"], "url": "https://github.com/vrana/adminer/commit/21d3a3150388677b18647d68aec93b7850e457d3"}, {"name": "https://github.com/vrana/adminer/releases/tag/v5.4.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/vrana/adminer/releases/tag/v5.4.2"}], "affected": [{"vendor": "vrana", "product": "adminer", "versions": [{"version": ">= 4.6.2, < 5.4.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-09T21:26:45.224Z"}, "descriptions": [{"lang": "en", "value": "Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from any source. An attacker can POST version[] parameter which PHP converts to an array. On next page load, openssl_verify() receives this array instead of string and throws TypeError, returning HTTP 500 to all users. Upgrade to Adminer 5.4.2."}], "source": {"advisory": "GHSA-q4f2-39gr-45jh", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-10T15:39:30.588522Z", "id": "CVE-2026-25892", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T15:57:46.865Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25892", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-06T21:08:39.130Z", "datePublished": "2026-02-09T21:26:45.224Z", "dateUpdated": "2026-02-10T15:57:46.865Z"}, "containers": {"cna": {"title": "Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/vrana/adminer/security/advisories/GHSA-q4f2-39gr-45jh", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vrana/adminer/security/advisories/GHSA-q4f2-39gr-45jh"}, {"name": "https://github.com/vrana/adminer/commit/21d3a3150388677b18647d68aec93b7850e457d3", "tags": ["x_refsource_MISC"], "url": "https://github.com/vrana/adminer/commit/21d3a3150388677b18647d68aec93b7850e457d3"}, {"name": "https://github.com/vrana/adminer/releases/tag/v5.4.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/vrana/adminer/releases/tag/v5.4.2"}], "affected": [{"vendor": "vrana", "product": "adminer", "versions": [{"version": ">= 4.6.2, < 5.4.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-09T21:26:45.224Z"}, "descriptions": [{"lang": "en", "value": "Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from any source. An attacker can POST version[] parameter which PHP converts to an array. On next page load, openssl_verify() receives this array instead of string and throws TypeError, returning HTTP 500 to all users. Upgrade to Adminer 5.4.2."}], "source": {"advisory": "GHSA-q4f2-39gr-45jh", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25892", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-10T15:39:30.588522Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T15:39:31.665Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A0A483B-178F-44CC-9EB7-C469C1F8C106", "versionEndExcluding": "5.4.2", "versionStartIncluding": "4.6.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from any source. An attacker can POST version[] parameter which PHP converts to an array. On next page load, openssl_verify() receives this array instead of string and throws TypeError, returning HTTP 500 to all users. Upgrade to Adminer 5.4.2."}, {"lang": "es", "value": "Adminer es un software de gesti\u00f3n de bases de datos de c\u00f3digo abierto. Adminer v5.4.1 y anteriores tiene un mecanismo de verificaci\u00f3n de versi\u00f3n donde adminer.org env\u00eda informaci\u00f3n de versi\u00f3n firmada a trav\u00e9s de JavaScript postMessage, que el navegador luego env\u00eda por POST a ?script=version. Este endpoint carece de validaci\u00f3n de origen y acepta datos POST de cualquier fuente. Un atacante puede enviar por POST el par\u00e1metro version[] que PHP convierte en un array. En la siguiente carga de p\u00e1gina, openssl_verify() recibe este array en lugar de una cadena y lanza TypeError, devolviendo HTTP 500 a todos los usuarios. Actualice a Adminer 5.4.2."}], "id": "CVE-2026-25892", "lastModified": "2026-02-20T20:24:32.147", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-09T22:16:04.023", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/vrana/adminer/commit/21d3a3150388677b18647d68aec93b7850e457d3"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/vrana/adminer/releases/tag/v5.4.2"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/vrana/adminer/security/advisories/GHSA-q4f2-39gr-45jh"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.6.2,5.4.2)"}}], "product": "adminer", "vendor": "vrana"}], "analysis": {"en": {"generated_at": "2026-04-18T12:57:09.027292+00:00", "value": {"mitigation_remediation": ["Upgrade Adminer to version 5.4.2 or later, which corrects the origin validation and input handling.", "If an upgrade is not immediately possible, restrict POST requests to /?script=version to trusted IP addresses or apply a WAF rule that blocks array parameters or missing origin headers.", "Continuously monitor application logs for unexpected 500 responses or TypeError indications, and respond to any incidents promptly."], "summary": {"action": "Apply Patch", "impact": "Denial of Service (Unauthenticated Persistent DoS)"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Adminer versions 5.4.1 and earlier, developed by vrana. Systems running these versions of the open\u2011source database management tool are vulnerable, regardless of deployment size or environment, because the flaw is in unguarded code that all installations share.", "description_and_impact": "Adminer v5.4.1 and earlier lack origin validation on the ?script=version endpoint. An attacker can submit a POST request containing a 'version[]' parameter, which PHP interprets as an array. When openssl_verify() later receives this array instead of a string, it raises a TypeError and triggers an HTTP 500 response for all users. This results in a persistent, unauthenticated denial of service, compromising availability without affecting confidentiality or integrity.", "risk_and_exploitability": "With a CVSS score of 7.5, the flaw is considered high severity. An EPSS score of 5% indicates a moderate likelihood that an adversary will exploit it. The vulnerability is not listed in CISA\u2019s KEV catalog. An attacker can trigger the DoS remotely by sending a crafted POST to the susceptible endpoint; no authentication or privileges are required, making the attack straightforward for any web host exposing Adminer."}}}}, "created": "2026-02-10T11:35:01.890607+00:00", "updated": "2026-04-18T13:00:08.767484+00:00", "vendors": ["vrana", "vrana$PRODUCT$adminer"]}