CVE Catalog

CVE-2026-7428

Critical
Published: Translated: NVD NIST

Summary

Prior to 2025-11-03, users of Terraform or the REST API for Google Cloud AlloyDB for PostgreSQL could create clusters with an insecure default password, which could be exploited by a remote attacker to gain full administrative access to the database.

Risk Assessment

The risk to the organization is the potential for a remote attacker to gain full access to the database, which could lead to data loss or unauthorized changes.

Recommendation

It is recommended that users change default passwords to strong and unique ones before creating clusters and monitor access to their AlloyDB instances.

Original NVD description (English source)

Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited by a remote attacker to gain full administrative access to the database. Exploitation required network access to the AlloyDB cluster and was limited to Terraform or the REST API, as other clients blocked it.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS