CVE-2026-7428

Published: Mag 12, 2026 Last Modified: Mag 12, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,2

Source: f45cbf4e-4146-4068-b7e1-655ffc2c548c

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited by a remote attacker to gain full administrative access to the database.

Exploitation required network access to the AlloyDB cluster and was limited to Terraform or the REST API, as other clients blocked it.

1392

Use of Default Credentials

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Authentication

Potential Impacts:

Gain Privileges Or Assume Identity

Applicable Platforms

Technologies: ICS/OT, Not Technology-Specific

View CWE Details

https://docs.cloud.google.com/alloydb/docs/release-notes#Ap…

https://docs.cloud.google.com/alloydb/docs/release-notes#April_28_2026

CVE-2026-7428

Description

Use of Default Credentials

Common Consequences

Applicable Platforms

Iscriviti alla newsletter