PT-2026-39995 · Google Cloud · Alloydb For Postgresql

Mark Lawrenson

·

Published

2026-05-12

·

Updated

2026-05-12

·

CVE-2026-7428

CVSS v4.0

9.2

Critical

VectorAV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/U:Amber
Name of the Vulnerable Software and Affected Versions Google Cloud AlloyDB for PostgreSQL versions prior to 2025-11-03
Description Users utilizing Terraform or the REST API could create clusters with an insecure default password. A remote attacker with network access to the AlloyDB cluster could exploit this to gain full administrative access to the database. This issue is limited to clusters created via Terraform or the REST API, as other clients blocked this behavior.
Recommendations Update to the version released on or after 2025-11-03.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-7428

Affected Products

Alloydb For Postgresql