CVE-2026-7428 (GCVE-0-2026-7428)
Vulnerability from cvelistv5 – Published: 2026-05-12 09:16 – Updated: 2026-05-12 12:25 Exclusively Hosted Service
VLAI?
Title
Insecure default administrative credentials in AlloyDB for PostgreSQL
Summary
Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited by a remote attacker to gain full administrative access to the database.
Exploitation required network access to the AlloyDB cluster and was limited to Terraform or the REST API, as other clients blocked it.
Severity ?
CWE
- CWE-1392 - Use of default credentials
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Cloud | AlloyDB for PostgreSQL |
Affected:
0 , < 2025-11-03
(date)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7428",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T12:23:39.985567Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:25:06.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AlloyDB for PostgreSQL",
"vendor": "Google Cloud",
"versions": [
{
"lessThan": "2025-11-03",
"status": "affected",
"version": "0",
"versionType": "date"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mark Lawrenson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cspan\u003ePrior to 2025-11-03,\u0026nbsp;\u003c/span\u003ewell-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters\u0026nbsp;\u003cspan\u003ewith an insecure default password which could have been exploited by a\u0026nbsp;\u003c/span\u003eremote\u003cspan\u003e\u0026nbsp;attacker\u0026nbsp;\u003c/span\u003e\u003cspan\u003eto\u0026nbsp;gain full administrative access to the database.\u003c/span\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cspan\u003eExploitation required network access to the AlloyDB cluster and was limited to Terraform or the REST API, as other clients blocked it\u003c/span\u003e\u003cspan\u003e.\u003c/span\u003e"
}
],
"value": "Prior to 2025-11-03,\u00a0well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters\u00a0with an insecure default password which could have been exploited by a\u00a0remote\u00a0attacker\u00a0to\u00a0gain full administrative access to the database.\n\n\n\n\nExploitation required network access to the AlloyDB cluster and was limited to Terraform or the REST API, as other clients blocked it."
}
],
"impacts": [
{
"capecId": "CAPEC-70",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-70 Try Common or Default Usernames and Passwords"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392 Use of default credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T09:16:35.151Z",
"orgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
"shortName": "GoogleCloud"
},
"references": [
{
"url": "https://docs.cloud.google.com/alloydb/docs/release-notes#April_28_2026"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis vulnerability was patched on November 3, 2025.\u003c/p\u003e\u003cp\u003eImpacted instances have been proactively remediated, and no customer action is needed.\u003c/p\u003e"
}
],
"value": "This vulnerability was patched on November 3, 2025.\n\n\n\nImpacted instances have been proactively remediated, and no customer action is needed."
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"exclusively-hosted-service"
],
"title": "Insecure default administrative credentials in AlloyDB for PostgreSQL",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
"assignerShortName": "GoogleCloud",
"cveId": "CVE-2026-7428",
"datePublished": "2026-05-12T09:16:35.151Z",
"dateReserved": "2026-04-29T14:38:05.602Z",
"dateUpdated": "2026-05-12T12:25:06.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-7428",
"date": "2026-05-18",
"epss": "0.00054",
"percentile": "0.16797"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-7428\",\"sourceIdentifier\":\"f45cbf4e-4146-4068-b7e1-655ffc2c548c\",\"published\":\"2026-05-12T10:16:48.490\",\"lastModified\":\"2026-05-12T15:09:58.693\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[{\"sourceIdentifier\":\"f45cbf4e-4146-4068-b7e1-655ffc2c548c\",\"tags\":[\"exclusively-hosted-service\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Prior to 2025-11-03,\u00a0well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters\u00a0with an insecure default password which could have been exploited by a\u00a0remote\u00a0attacker\u00a0to\u00a0gain full administrative access to the database.\\n\\n\\n\\n\\nExploitation required network access to the AlloyDB cluster and was limited to Terraform or the REST API, as other clients blocked it.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"f45cbf4e-4146-4068-b7e1-655ffc2c548c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber\",\"baseScore\":9.2,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"AMBER\"}}]},\"weaknesses\":[{\"source\":\"f45cbf4e-4146-4068-b7e1-655ffc2c548c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1392\"}]}],\"references\":[{\"url\":\"https://docs.cloud.google.com/alloydb/docs/release-notes#April_28_2026\",\"source\":\"f45cbf4e-4146-4068-b7e1-655ffc2c548c\"}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"providerMetadata\": {\"orgId\": \"f45cbf4e-4146-4068-b7e1-655ffc2c548c\", \"shortName\": \"GoogleCloud\", \"dateUpdated\": \"2026-05-12T09:16:35.151Z\"}, \"title\": \"Insecure default administrative credentials in AlloyDB for PostgreSQL\", \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"cweId\": \"CWE-1392\", \"description\": \"CWE-1392 Use of default credentials\", \"type\": \"CWE\"}]}], \"impacts\": [{\"capecId\": \"CAPEC-70\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-70 Try Common or Default Usernames and Passwords\"}]}], \"affected\": [{\"vendor\": \"Google Cloud\", \"product\": \"AlloyDB for PostgreSQL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2025-11-03\", \"versionType\": \"date\"}], \"defaultStatus\": \"unaffected\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Prior to 2025-11-03,\\u00a0well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters\\u00a0with an insecure default password which could have been exploited by a\\u00a0remote\\u00a0attacker\\u00a0to\\u00a0gain full administrative access to the database.\\n\\n\\n\\n\\nExploitation required network access to the AlloyDB cluster and was limited to Terraform or the REST API, as other clients blocked it.\", \"supportingMedia\": [{\"type\": \"text/html\", \"base64\": false, \"value\": \"\u003cdiv\u003e\u003cspan\u003ePrior to 2025-11-03,\u0026nbsp;\u003c/span\u003ewell-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters\u0026nbsp;\u003cspan\u003ewith an insecure default password which could have been exploited by a\u0026nbsp;\u003c/span\u003eremote\u003cspan\u003e\u0026nbsp;attacker\u0026nbsp;\u003c/span\u003e\u003cspan\u003eto\u0026nbsp;gain full administrative access to the database.\u003c/span\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cspan\u003eExploitation required network access to the AlloyDB cluster and was limited to Terraform or the REST API, as other clients blocked it\u003c/span\u003e\u003cspan\u003e.\u003c/span\u003e\"}]}], \"tags\": [\"exclusively-hosted-service\"], \"references\": [{\"url\": \"https://docs.cloud.google.com/alloydb/docs/release-notes#April_28_2026\"}], \"metrics\": [{\"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}], \"cvssV4_0\": {\"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"HIGH\", \"subIntegrityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"LOW\", \"exploitMaturity\": \"NOT_DEFINED\", \"Safety\": \"NOT_DEFINED\", \"Automatable\": \"NOT_DEFINED\", \"Recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"AMBER\", \"version\": \"4.0\", \"baseSeverity\": \"CRITICAL\", \"baseScore\": 9.2, \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/U:Amber\"}}], \"solutions\": [{\"lang\": \"en\", \"value\": \"This vulnerability was patched on November 3, 2025.\\n\\n\\n\\nImpacted instances have been proactively remediated, and no customer action is needed.\", \"supportingMedia\": [{\"type\": \"text/html\", \"base64\": false, \"value\": \"\u003cp\u003eThis vulnerability was patched on November 3, 2025.\u003c/p\u003e\u003cp\u003eImpacted instances have been proactively remediated, and no customer action is needed.\u003c/p\u003e\"}]}], \"credits\": [{\"lang\": \"en\", \"value\": \"Mark Lawrenson\", \"type\": \"reporter\"}], \"source\": {\"discovery\": \"EXTERNAL\"}, \"x_generator\": {\"engine\": \"Vulnogram 1.0.1\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-7428\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-12T12:23:39.985567Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-12T12:25:01.074Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2026-7428\", \"assignerOrgId\": \"f45cbf4e-4146-4068-b7e1-655ffc2c548c\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GoogleCloud\", \"dateReserved\": \"2026-04-29T14:38:05.602Z\", \"datePublished\": \"2026-05-12T09:16:35.151Z\", \"dateUpdated\": \"2026-05-12T12:25:06.189Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…