Vulnerability  ·  2026-07-06

BettaFish InsightEngine — Partial String Comparison in Search-Result Deduplication

VulnerabilityLow impactGlobalCVE-2026-14687
CVE-2026-14687 (CVSS 5.3 Medium, published 2026-07-05) is a logic flaw in an AI search-agent's result-deduplication routine that uses substring rather than exact comparison.
Low blast radius — primarily affects result-quality/dedup correctness in a niche AI search agent rather than confidentiality or code execution, kept as a precise catalogued finding.
The _deduplicate_results function uses partial (substring) string comparison instead of exact matching, remotely exploitable to bypass deduplication logic.
666ghj BettaFish ≤ 1.2.1 (InsightEngine/agent.py)
No fix confirmed at disclosure; use exact-match/hash-based deduplication as a workaround.
NVD CVE-2026-14687
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →