PT-2026-39995 · Google Cloud · Alloydb For Postgresql
Mark Lawrenson
·
Published
2026-05-12
·
Updated
2026-05-12
·
CVE-2026-7428
CVSS v4.0
9.2
Critical
| Vector | AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/U:Amber |
Name of the Vulnerable Software and Affected Versions
Google Cloud AlloyDB for PostgreSQL versions prior to 2025-11-03
Description
Users utilizing Terraform or the REST API could create clusters with an insecure default password. A remote attacker with network access to the AlloyDB cluster could exploit this to gain full administrative access to the database. This issue is limited to clusters created via Terraform or the REST API, as other clients blocked this behavior.
Recommendations
Update to the version released on or after 2025-11-03.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alloydb For Postgresql