CVE-2026-14687
Received
Received - Intake
Partial String Comparison Flaw in BettaFish InsightEngine
Vulnerability report for CVE-2026-14687, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-05
Last updated on: 2026-07-05
Assigner: VulDB
Description
Description
A vulnerability was determined in 666ghj BettaFish up to 1.2.1. Impacted is the function _deduplicate_results of the file InsightEngine/agent.py of the component InsightEngine search-result Deduplication. Executing a manipulation can lead to partial string comparison. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| 666ghj | bettafish | 1.2.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-187 | The product performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weaknesses. |
| CWE-697 | The product compares two entities in a security-relevant context, but the comparison is incorrect. |