CVE Catalog

CVE-2026-14687

MediumCVSS 5.3
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

25th percentile — higher than 25% of all known CVEs

Summary

A vulnerability was found in the InsightEngine component of BettaFish up to version 1.2.1, specifically in the _deduplicate_results function of InsightEngine/agent.py. Input manipulation can lead to partial string comparison, enabling remote attacks. The exploit has been publicly disclosed and may be used.

Risk Assessment

The organization is at risk of remote attacks exploiting partial string comparison, which could cause incorrect search-result deduplication and potential data integrity breaches.

Recommendation

Immediately apply the fix from the pending pull request or upgrade BettaFish to a version above 1.2.1 once released. Until then, restrict access to the InsightEngine component.

Original NVD description (English source)

A vulnerability was determined in 666ghj BettaFish up to 1.2.1. Impacted is the function _deduplicate_results of the file InsightEngine/agent.py of the component InsightEngine search-result Deduplication. Executing a manipulation can lead to partial string comparison. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS