Vulnerability Description
TimescaleDB is a time-series database for high-performance real-time analytics packaged as a Postgres extension. From version 2.23.0 to 2.25.1, PostgreSQL uses the search_path setting to locate unqualified database objects (tables, functions, operators). If the search_path includes user-writable schemas a malicious user can create functions in that schema that shadow builtin postgres functions and will be called instead of the postgres functions leading to arbitrary code execution during extension upgrade. This issue has been patched in version 2.25.2.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Timescale | Timescaledb | >= 2.23.0, < 2.25.2 |
Related Weaknesses (CWE)
References
- https://github.com/timescale/timescaledb/commit/9a8f7f8bdeb99e6abae0786ffe526791Patch
- https://github.com/timescale/timescaledb/pull/9331Issue TrackingPatch
- https://github.com/timescale/timescaledb/releases/tag/2.25.2ProductRelease Notes
- https://github.com/timescale/timescaledb/security/advisories/GHSA-vgp2-jj5c-828mMitigationVendor Advisory
FAQ
What is CVE-2026-29089?
CVE-2026-29089 is a vulnerability with a CVSS score of 8.8 (HIGH). TimescaleDB is a time-series database for high-performance real-time analytics packaged as a Postgres extension. From version 2.23.0 to 2.25.1, PostgreSQL uses the search_path setting to locate unqual...
How severe is CVE-2026-29089?
CVE-2026-29089 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-29089?
Check the references section above for vendor advisories and patch information. Affected products include: Timescale Timescaledb.