Google Cloud · Alloydb For Postgresql · CVE-2026-7428
**Name of the Vulnerable Software and Affected Versions**
Google Cloud AlloyDB for PostgreSQL versions prior to 2025-11-03
**Description**
Users utilizing Terraform or the REST API could create clusters with an insecure default password. A remote attacker with network access to the AlloyDB cluster could exploit this to gain full administrative access to the database. This issue is limited to clusters created via Terraform or the REST API, as other clients blocked this behavior.
**Recommendations**
Update to the version released on or after 2025-11-03.