CVE-2026-14687 PUBLISHED

666ghj BettaFish InsightEngine search-result Deduplication agent.py _deduplicate_results partial string comparison

Assigner: VulDB
Reserved: 04.07.2026 Published: 05.07.2026 Updated: 05.07.2026

A vulnerability was determined in 666ghj BettaFish up to 1.2.1. Impacted is the function _deduplicate_results of the file InsightEngine/agent.py of the component InsightEngine search-result Deduplication. Executing a manipulation can lead to partial string comparison. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
CVSS Score: 6.9

Product Status

Vendor 666ghj
Product BettaFish
Versions
  • Version 1.2.0 is affected
  • Version 1.2.1 is affected

Credits

  • Dem000000 (VulDB User) reporter
  • VulDB CNA Team coordinator

References

Problem Types

  • Partial String Comparison CWE
  • Incorrect Comparison CWE