Skip to main content

Bettafish

1 CVEs product

Monthly

CVE-2026-14687 MEDIUM POC PATCH This Month

Partial string comparison in BettaFish's InsightEngine deduplication logic (versions up to 1.2.1) allows remote unauthenticated attackers to manipulate search-result deduplication by crafting inputs that exploit the flawed comparison in `_deduplicate_results` within `InsightEngine/agent.py`. The integrity impact is limited - attackers can cause duplicate or otherwise manipulated entries to persist in search output - but the attack requires no authentication and no user interaction, and a public proof-of-concept exploit exists. No active exploitation has been confirmed by CISA KEV; a fix pull request (PR #689) has been submitted but not yet merged.

Information Disclosure Bettafish
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Partial string comparison in BettaFish's InsightEngine deduplication logic (versions up to 1.2.1) allows remote unauthenticated attackers to manipulate search-result deduplication by crafting inputs that exploit the flawed comparison in `_deduplicate_results` within `InsightEngine/agent.py`. The integrity impact is limited - attackers can cause duplicate or otherwise manipulated entries to persist in search output - but the attack requires no authentication and no user interaction, and a public proof-of-concept exploit exists. No active exploitation has been confirmed by CISA KEV; a fix pull request (PR #689) has been submitted but not yet merged.

Information Disclosure Bettafish
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy