CVE-2026-7428: CWE-1392 Use of default credentials in Google Cloud AlloyDB for PostgreSQL
Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited by a remote attacker to gain full administrative access to the database. Exploitation required network access to the AlloyDB cluster and was limited to Terraform or the REST API, as other clients blocked it.
AI Analysis
Technical Summary
This vulnerability involves the use of default credentials in Google Cloud AlloyDB for PostgreSQL clusters created before 2025-11-03 using Terraform or the REST API. The insecure default password could be exploited remotely by attackers with network access to the AlloyDB cluster, granting full administrative access. Other client interfaces prevented this insecure configuration. The vulnerability is tracked as CWE-1392 and carries a CVSS 4.0 score of 9.2, indicating critical severity. As AlloyDB is a cloud service, remediation is managed by Google Cloud.
Potential Impact
An attacker with network access to an affected AlloyDB cluster could exploit the insecure default password to gain full administrative privileges on the database. This compromises the confidentiality, integrity, and availability of the database service. The impact is critical due to the level of access granted and the potential for complete control over the database environment.
Mitigation Recommendations
Google Cloud manages AlloyDB as a cloud-hosted service and has implemented patches to remediate this vulnerability. Users should ensure their AlloyDB clusters are created or updated after 2025-11-03 to avoid the insecure default password issue. Check the official Google Cloud advisory for confirmation of patch deployment and any additional recommended actions. No further user action is required if the service is up to date.
CVE-2026-7428: CWE-1392 Use of default credentials in Google Cloud AlloyDB for PostgreSQL
Description
Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited by a remote attacker to gain full administrative access to the database. Exploitation required network access to the AlloyDB cluster and was limited to Terraform or the REST API, as other clients blocked it.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves the use of default credentials in Google Cloud AlloyDB for PostgreSQL clusters created before 2025-11-03 using Terraform or the REST API. The insecure default password could be exploited remotely by attackers with network access to the AlloyDB cluster, granting full administrative access. Other client interfaces prevented this insecure configuration. The vulnerability is tracked as CWE-1392 and carries a CVSS 4.0 score of 9.2, indicating critical severity. As AlloyDB is a cloud service, remediation is managed by Google Cloud.
Potential Impact
An attacker with network access to an affected AlloyDB cluster could exploit the insecure default password to gain full administrative privileges on the database. This compromises the confidentiality, integrity, and availability of the database service. The impact is critical due to the level of access granted and the potential for complete control over the database environment.
Mitigation Recommendations
Google Cloud manages AlloyDB as a cloud-hosted service and has implemented patches to remediate this vulnerability. Users should ensure their AlloyDB clusters are created or updated after 2025-11-03 to avoid the insecure default password issue. Check the official Google Cloud advisory for confirmation of patch deployment and any additional recommended actions. No further user action is required if the service is up to date.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GoogleCloud
- Date Reserved
- 2026-04-29T14:38:05.602Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
- Is Cloud Service
- true
Threat ID: 6a02f11acbff5d8610c13aef
Added to database: 5/12/2026, 9:21:30 AM
Last enriched: 5/12/2026, 9:36:22 AM
Last updated: 5/12/2026, 9:11:32 PM
Views: 11
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.