CVE-2026-14687

medium

Description

A vulnerability was determined in 666ghj BettaFish up to 1.2.1. Impacted is the function _deduplicate_results of the file InsightEngine/agent.py of the component InsightEngine search-result Deduplication. Executing a manipulation can lead to partial string comparison. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.

References

https://vuldb.com/vuln/376283/cti

https://vuldb.com/vuln/376283

https://vuldb.com/submit/846753

https://vuldb.com/cve/CVE-2026-14687

https://github.com/666ghj/BettaFish/pull/689

https://github.com/666ghj/BettaFish/issues/688

https://github.com/666ghj/BettaFish/

Details

Source: Mitre, NVD

Published: 2026-07-05

Updated: 2026-07-05

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Severity: Medium