CVE-2026-14687
666ghj BettaFish InsightEngine search-result Deduplication agent.py _deduplicate_results partial string comparison
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was determined in 666ghj BettaFish up to 1.2.1. Impacted is the function _deduplicate_results of the file InsightEngine/agent.py of the component InsightEngine search-result Deduplication. Executing a manipulation can lead to partial string comparison. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.
| CWE | CWE-187 CWE-697 |
| Vendor | 666ghj |
| Product | bettafish |
| Published | Jul 5, 2026 |
Stay Ahead of the Next One
Get instant alerts for 666ghj bettafish
Be the first to know when new medium vulnerabilities affecting 666ghj bettafish are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
666ghj / BettaFish
1.2.0 1.2.1
References
vuldb.com: https://vuldb.com/vuln/376283 vuldb.com: https://vuldb.com/vuln/376283/cti vuldb.com: https://vuldb.com/cve/CVE-2026-14687 vuldb.com: https://vuldb.com/submit/846753 github.com: https://github.com/666ghj/BettaFish/issues/688 github.com: https://github.com/666ghj/BettaFish/pull/689 github.com: https://github.com/666ghj/BettaFish/
Credits
๐ Dem000000 (VulDB User) VulDB CNA Team