Vulnerability Description
Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited by a remote attacker to gain full administrative access to the database. Exploitation required network access to the AlloyDB cluster and was limited to Terraform or the REST API, as other clients blocked it.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-7428?
CVE-2026-7428 is a documented vulnerability. Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited ...
How severe is CVE-2026-7428?
CVSS scoring is not yet available for CVE-2026-7428. Check NVD for updates.
Is there a patch for CVE-2026-7428?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.