CVE-2026-29089: CWE-426: Untrusted Search Path in timescale timescaledb
TimescaleDB is a time-series database for high-performance real-time analytics packaged as a Postgres extension. Versions 2.23.0 through 2.25.1 are affected. PostgreSQL uses the search_path setting to locate unqualified database objects (tables, functions, operators). If the search_path includes user-writable schemas, a malicious user can create functions in such a schema that shadow built-in Postgres functions; those functions are called in place of the built-ins, leading to arbitrary code execution during the extension upgrade. This issue has been patched in version 2.25.2.
AI Analysis
Technical Summary
CVE-2026-29089 is a vulnerability in TimescaleDB, a PostgreSQL extension designed for high-performance time-series data analytics. The flaw arises from the way PostgreSQL resolves unqualified database objects using the search_path setting. Between versions 2.23.0 and 2.25.1, if the search_path includes schemas writable by untrusted users, those users can create malicious functions that shadow or override built-in PostgreSQL functions. When the TimescaleDB extension is upgraded, these malicious functions may be executed instead of the legitimate ones, resulting in arbitrary code execution within the database server context. This can lead to full compromise of the database environment, including unauthorized data access, data manipulation, or denial of service. The vulnerability is classified under CWE-426 (Untrusted Search Path) and has a CVSS v3.1 score of 8.8, indicating high severity. Exploitation requires low privileges (PR:L), no user interaction, and the attack scope is changed (S:C), affecting confidentiality, integrity, and availability. The issue was publicly disclosed and patched in TimescaleDB version 2.25.2. No known exploits in the wild have been reported yet, but the potential impact is significant given the nature of the vulnerability and the widespread use of TimescaleDB in real-time analytics environments.
Potential Impact
The vulnerability allows a malicious user with limited privileges to execute arbitrary code on the database server by exploiting the untrusted search path in TimescaleDB. This can lead to full compromise of the database, including unauthorized data disclosure, data tampering, and disruption of database services. Organizations relying on TimescaleDB for critical real-time analytics and time-series data processing may face severe operational disruptions and data breaches. The compromise of database integrity and availability can cascade into broader application and infrastructure impacts, especially in environments where TimescaleDB is integrated with other systems. The high CVSS score reflects the broad impact on confidentiality, integrity, and availability, combined with the relatively low complexity of exploitation. This threat is particularly concerning for multi-tenant environments or systems with multiple database users where schema permissions are not tightly controlled.
Mitigation Recommendations
1. Upgrade TimescaleDB to version 2.25.2 or later immediately to apply the official patch addressing this vulnerability.
2. Audit and restrict schema permissions to ensure that user-writable schemas are not included in the search_path, or are tightly controlled so that untrusted users cannot create or modify functions there.
3. Implement strict role-based access controls (RBAC) within PostgreSQL to limit the ability of users to alter search_path settings or create functions in schemas accessible during extension upgrades.
4. Monitor database logs for unusual function creation or schema modifications, especially during extension upgrade operations.
5. Use database security best practices such as isolating database users, minimizing privileges, and employing database activity monitoring tools to detect anomalous behavior.
6. Consider deploying runtime protections or sandboxing mechanisms to limit the impact of arbitrary code execution within the database environment.
7. Regularly review and update database extension versions and configurations as part of a comprehensive patch management strategy.
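Recommendations 2 through 4 can be carried out directly in SQL. The following is an added example written for this analysis, not code from the advisory or from the TimescaleDB project; it assumes PostgreSQL 11 or later (for `EXECUTE FUNCTION` and `pg_event_trigger_ddl_commands()`), an illustrative role name `app_admin`, and that the extension is upgraded with the standard `ALTER EXTENSION ... UPDATE` statement.

```sql
-- Added example (not from the advisory or the TimescaleDB project).
-- Assumes PostgreSQL 11+; role name app_admin is illustrative.

-- 1. Audit: which schemas on the current search_path can roles other than
--    their owner create objects in? Any row is a function-shadowing risk.
--    Note: before PostgreSQL 15, "public" grants CREATE to PUBLIC by default,
--    so every ordinary role will be listed for it.
SELECT n.nspname AS schema,
       r.rolname AS role_with_create
FROM   pg_namespace n
CROSS  JOIN pg_roles r
WHERE  n.nspname = ANY (current_schemas(true))
  AND  NOT r.rolsuper
  AND  n.nspowner <> r.oid
  AND  has_schema_privilege(r.oid, n.oid, 'CREATE')
ORDER  BY 1, 2;

-- 2. Harden: remove the default CREATE grant on public, and pin the role
--    that performs extension upgrades to trusted schemas only.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
ALTER ROLE app_admin SET search_path = pg_catalog, "$user";
-- Then run the upgrade from a fresh session as that role:
--   ALTER EXTENSION timescaledb UPDATE;

-- 3. Detect: log every function/operator created or altered outside
--    pg_catalog that is NOT part of an extension's own install/upgrade
--    script (in_extension = false). Creating an event trigger needs superuser.
CREATE OR REPLACE FUNCTION audit_function_ddl() RETURNS event_trigger
LANGUAGE plpgsql AS $$
DECLARE
    cmd record;
BEGIN
    FOR cmd IN SELECT * FROM pg_event_trigger_ddl_commands() LOOP
        IF cmd.object_type IN ('function', 'procedure', 'operator')
           AND NOT cmd.in_extension
           AND cmd.schema_name IS DISTINCT FROM 'pg_catalog'
        THEN
            -- WARNING is written to the server log at default log_min_messages
            RAISE WARNING 'audit: % % in schema % by role %',
                cmd.command_tag, cmd.object_identity,
                cmd.schema_name, current_user;
        END IF;
    END LOOP;
END $$;

CREATE EVENT TRIGGER audit_function_ddl ON ddl_command_end
    WHEN TAG IN ('CREATE FUNCTION', 'ALTER FUNCTION', 'CREATE OPERATOR')
    EXECUTE FUNCTION audit_function_ddl();
```

Rows returned by the audit query in schemas that are also writable by untrusted roles are the condition this CVE depends on; after the REVOKE, rerun the query to confirm only schema owners and superusers remain.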
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, Netherlands, France, Japan, South Korea, India
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-03T21:54:06.707Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69ab0f59c48b3f10ffb6232f
Added to database: 3/6/2026, 5:31:05 PM
Last enriched: 3/6/2026, 5:45:21 PM
Last updated: 3/7/2026, 9:16:27 AM