CVE-2026-7428
CriticalSummary
Prior to 2025-11-03, users of Terraform or the REST API for Google Cloud AlloyDB for PostgreSQL could create clusters with an insecure default password, which could be exploited by a remote attacker to gain full administrative access to the database.
Risk Assessment
The risk to the organization is the potential for a remote attacker to gain full access to the database, which could lead to data loss or unauthorized changes.
Recommendation
It is recommended that users change default passwords to strong and unique ones before creating clusters and monitor access to their AlloyDB instances.
Original NVD description (English source)
Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited by a remote attacker to gain full administrative access to the database. Exploitation required network access to the AlloyDB cluster and was limited to Terraform or the REST API, as other clients blocked it.

