PT-2026-7169 · Adminer · Adminer

Joyghoshs · Published 2026-02-09 · Updated 2026-02-10 · CVE-2026-25892

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Adminer versions prior to 5.4.2

Description

Adminer is database management software. Versions 5.4.1 and earlier have a flawed version check process. The adminer.org domain sends signed version information via JavaScript postMessage, which is then sent by the browser to the '?script=version' endpoint. This endpoint does not validate the origin of the POST request, allowing attackers to send a crafted version[] parameter. PHP interprets this parameter as an array, which causes a TypeError when passed to the openssl_verify() function, resulting in an HTTP 500 error for all users.

Recommendations

Upgrade to Adminer version 5.4.2.
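
The type handling described above, shown as an added example that is not Adminer's code or its actual fix: a hypothetical function verified_version() rejects a non-string version value before it can reach openssl_verify(). The signature field name, its base64 encoding, the 64-byte length limit and the RSA/SHA-256 key pair are assumptions constructed for this demonstration.

```php
<?php
// Added example; NOT Adminer's code. The "signature" field and the function
// name are hypothetical. Keys and inputs below are constructed for the demo.

/**
 * Validate a posted version record before it reaches openssl_verify().
 * Returns the verified version string, or null if the input is rejected.
 */
function verified_version(array $post, string $publicKeyPem): ?string
{
    $version = $post['version'] ?? null;
    $signature = $post['signature'] ?? null;

    // "version[]=x" arrives as an array. On PHP 8, passing an array to
    // openssl_verify() throws a TypeError, so reject non-strings here.
    if (!is_string($version) || !is_string($signature)) {
        return null;
    }
    $rawSignature = base64_decode($signature, true);
    if ($rawSignature === false || strlen($version) > 64) {
        return null;
    }
    // openssl_verify() returns 1 only for a valid signature.
    $ok = openssl_verify($version, $rawSignature, $publicKeyPem, OPENSSL_ALGO_SHA256);
    return $ok === 1 ? $version : null;
}

// Constructed key pair standing in for the publisher's signing key.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$publicKeyPem = openssl_pkey_get_details($key)['key'];
openssl_sign('5.4.2', $sig, $key, OPENSSL_ALGO_SHA256);

$cases = [
    'signed string'     => ['version' => '5.4.2', 'signature' => base64_encode($sig)],
    'array (version[])' => ['version' => ['5.4.2'], 'signature' => base64_encode($sig)],
    'altered string'    => ['version' => '9.9.9', 'signature' => base64_encode($sig)],
    'missing signature' => ['version' => '5.4.2'],
];
foreach ($cases as $label => $post) {
    // Catch \Throwable as a last line of defence so a bad request cannot become a 500.
    try {
        $result = verified_version($post, $publicKeyPem);
    } catch (\Throwable $e) {
        $result = null;
    }
    printf("%-20s => %s\n", $label, $result ?? 'rejected');
}
```

This covers only the parameter type handling; it does not address the missing origin validation that the description also names.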

Exploit

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

CVE-2026-25892
GHSA-Q4F2-39GR-45JH

Affected Products

Adminer