2445265 – (CVE-2026-29089) CVE-2026-29089 timescaledb: TimescaleDB: Arbitrary code execution via malicious functions in user-writable schemas during extension upgrade

Bug 2445265 (CVE-2026-29089) - CVE-2026-29089 timescaledb: TimescaleDB: Arbitrary code execution via malicious functions in user-writable schemas during extension upgrade

Summary: CVE-2026-29089 timescaledb: TimescaleDB: Arbitrary code execution via malicio...

Keywords:
Status:	NEW
Alias:	CVE-2026-29089
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2445424 2445425 2445426
Blocks:
TreeView+	depends on / blocked

Reported:	2026-03-06 18:01 UTC by OSIDB Bzimport
Modified:	2026-03-07 04:08 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-03-06 18:01:40 UTC

TimescaleDB is a time-series database for high-performance real-time analytics packaged as a Postgres extension. From version 2.23.0 to 2.25.1, PostgreSQL uses the search_path setting to locate unqualified database objects (tables, functions, operators). If the search_path includes user-writable schemas a malicious user can create functions in that schema that shadow builtin postgres functions and will be called instead of the postgres functions leading to arbitrary code execution during extension upgrade. This issue has been patched in version 2.25.2.

Note You need to log in before you can comment on or make changes to this bug.