CVE-2026-14687
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk25th percentile — higher than 25% of all known CVEs
Summary
A vulnerability was found in the InsightEngine component of BettaFish up to version 1.2.1, specifically in the _deduplicate_results function of InsightEngine/agent.py. Input manipulation can lead to partial string comparison, enabling remote attacks. The exploit has been publicly disclosed and may be used.
Risk Assessment
The organization is at risk of remote attacks exploiting partial string comparison, which could cause incorrect search-result deduplication and potential data integrity breaches.
Recommendation
Immediately apply the fix from the pending pull request or upgrade BettaFish to a version above 1.2.1 once released. Until then, restrict access to the InsightEngine component.
Original NVD description (English source)
A vulnerability was determined in 666ghj BettaFish up to 1.2.1. Impacted is the function _deduplicate_results of the file InsightEngine/agent.py of the component InsightEngine search-result Deduplication. Executing a manipulation can lead to partial string comparison. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.

