CVE-2026-29089: CWE-426: Untrusted Search Path in timescale timescaledb
TimescaleDB is a time-series database for high-performance real-time analytics, packaged as a Postgres extension. Versions 2.23.0 through 2.25.1 are affected. PostgreSQL uses the search_path setting to locate unqualified database objects (tables, functions, operators). If the search_path includes a user-writable schema, a malicious user can create functions in that schema that shadow built-in Postgres functions; during an extension upgrade those functions are called instead of the Postgres ones, leading to arbitrary code execution. This issue has been patched in version 2.25.2.
AI Analysis
Technical Summary
CVE-2026-29089 is a vulnerability in TimescaleDB, a PostgreSQL extension designed for high-performance time-series analytics. The issue arises from the way PostgreSQL's search_path setting is used by TimescaleDB versions 2.23.0 through 2.25.1. The search_path determines the order in which schemas are searched for unqualified database objects such as tables and functions. If the search_path includes schemas writable by untrusted users, those users can create malicious functions that shadow built-in PostgreSQL functions. When the TimescaleDB extension is upgraded, these functions may be invoked instead of the legitimate ones, resulting in arbitrary code execution within the database server process. This can lead to full compromise of the database environment, including unauthorized data access, modification, or destruction.

The vulnerability is classified under CWE-426 (Untrusted Search Path), highlighting the risk of executing unintended code due to insecure path configurations. It requires only low privileges (PR:L) and no user interaction (UI:N), but the scope is changed (S:C) as it can affect the entire database system. The CVSS v3.1 score is 8.8 (high), reflecting the critical impact on confidentiality, integrity, and availability.

The issue was addressed in TimescaleDB version 2.25.2 by correcting the search_path handling so that untrusted schemas are not used during extension upgrades. No known exploits in the wild have been reported yet, but the potential impact warrants immediate attention.
Potential Impact
The vulnerability allows a malicious user with limited privileges to execute arbitrary code with the database server's privileges during extension upgrades. This can lead to full compromise of the database, including unauthorized data disclosure, data manipulation, or denial of service. Organizations relying on TimescaleDB for critical real-time analytics and time-series data processing face risks of data breaches, operational disruption, and potential lateral movement within their infrastructure. Since TimescaleDB is often used in industries such as finance, telecommunications, IoT, and monitoring systems, the impact could extend to critical business functions and regulatory compliance violations. The ease of exploitation combined with the high privileges gained makes this a significant threat to confidentiality, integrity, and availability of affected systems.
Mitigation Recommendations
The primary mitigation is to upgrade TimescaleDB to version 2.25.2 or later, where the vulnerability is patched. Until upgrading, organizations should audit and restrict schema permissions to ensure that user-writable schemas are not included in the search_path used by PostgreSQL and TimescaleDB. Database administrators should review and harden the search_path configuration to exclude untrusted or user-controlled schemas. Additionally, monitoring and alerting on extension upgrade activities and unusual function creations in user schemas can help detect exploitation attempts. Employing the principle of least privilege for database users and limiting the ability to perform extension upgrades to trusted administrators reduces risk. Regularly applying security patches and maintaining an inventory of TimescaleDB versions in use are also critical steps.
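As an added defender-side example (this is not text from the advisory and not TimescaleDB project code), the following SQL implements the audit the recommendations above describe: it lists the schemas on the effective search_path and whether PUBLIC may create objects in them, finds non-superuser roles that can create objects in the schema holding the timescaledb extension, flags user-created functions whose names collide with pg_catalog functions, and then revokes CREATE from unprivileged roles. It assumes it is run as a superuser in the database that contains the extension; the role names app_rw and reporting are constructed placeholders, and step 4 assumes the extension lives in the public schema (query 2 reports the actual schema).

```sql
-- Added example, not from the advisory or the TimescaleDB project.
-- Audit for CWE-426 exposure in a PostgreSQL cluster hosting TimescaleDB.
-- Run as a superuser in the database that holds the extension.
-- Role names app_rw and reporting are constructed placeholders.

-- 1. Effective search_path of this session, in resolution order, with the
--    owner of each schema and whether the PUBLIC pseudo-role may CREATE in it.
--    current_schemas(true) includes the implicit pg_catalog entry.
SELECT sp.ord,
       sp.nspname                                      AS schema_name,
       pg_get_userbyid(n.nspowner)                     AS schema_owner,
       has_schema_privilege('public', n.oid, 'CREATE') AS public_can_create
FROM   unnest(current_schemas(true)) WITH ORDINALITY AS sp(nspname, ord)
JOIN   pg_namespace n ON n.nspname = sp.nspname
ORDER  BY sp.ord;

-- 2. Every non-superuser login role that can CREATE objects in the schema
--    that holds the timescaledb extension. An empty result is the goal.
--    has_schema_privilege() accounts for grants to PUBLIC and for privileges
--    inherited through role membership, so indirect grants are caught too.
SELECT e.extname,
       n.nspname AS extension_schema,
       r.rolname AS role_with_create
FROM   pg_extension e
JOIN   pg_namespace n ON n.oid = e.extnamespace
CROSS  JOIN pg_roles r
WHERE  e.extname = 'timescaledb'
AND    NOT r.rolsuper
AND    r.rolcanlogin
AND    has_schema_privilege(r.oid, n.oid, 'CREATE')
ORDER  BY r.rolname;

-- 3. Functions outside the system schemas whose name matches a pg_catalog
--    function: the shadowing pattern the advisory describes. Functions that
--    belong to an installed extension are excluded via pg_depend (deptype 'e')
--    so that the extension's own objects are not reported as findings.
SELECT n.nspname                                 AS schema_name,
       p.proname                                 AS function_name,
       pg_get_function_identity_arguments(p.oid) AS arguments,
       pg_get_userbyid(p.proowner)               AS owner,
       l.lanname                                 AS language
FROM   pg_proc p
JOIN   pg_namespace n ON n.oid = p.pronamespace
JOIN   pg_language  l ON l.oid = p.prolang
WHERE  n.nspname NOT IN ('pg_catalog', 'information_schema')
AND    n.nspname NOT LIKE 'pg_toast%'
AND    NOT EXISTS (SELECT 1 FROM pg_depend d
                   WHERE d.classid = 'pg_proc'::regclass
                   AND   d.objid   = p.oid
                   AND   d.deptype = 'e')
AND    EXISTS (SELECT 1 FROM pg_proc c
               WHERE c.pronamespace = 'pg_catalog'::regnamespace
               AND   c.proname = p.proname)
ORDER  BY n.nspname, p.proname;

-- 4. Hardening: stop unprivileged roles from creating objects in the schema
--    the extension resolves through (assumed here to be public).
--    PostgreSQL 15 and later no longer grant CREATE on public to PUBLIC in
--    newly created databases; older clusters and databases carried over by
--    pg_upgrade still need the revoke stated explicitly.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
REVOKE CREATE ON SCHEMA public FROM app_rw, reporting;   -- constructed role names

-- Re-run query 2 afterwards: it should return no rows before
-- ALTER EXTENSION timescaledb UPDATE is executed.
```

Query 3 is the detection side of the recommendation to watch for unusual function creation: any row it returns is a function a non-extension object placed under a name that also exists in pg_catalog, which is exactly what needs a second look (and, once the cluster is hardened, what should not be creatable by unprivileged roles in the first place). Revoking CREATE addresses the condition the advisory names; upgrading to 2.25.2 remains the fix.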
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Netherlands, Japan, South Korea, India
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-03T21:54:06.707Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69ab0f59c48b3f10ffb6232f
Added to database: 3/6/2026, 5:31:05 PM
Last enriched: 3/13/2026, 7:19:52 PM
Last updated: 4/21/2026, 10:38:52 AM