What happened
BettaFish's search-result deduplication logic in its agentic InsightEngine module uses a substring/partial match instead of an exact comparison, allowing manipulation of which results are considered duplicates.
Why it matters
Low-severity logic flaw with narrow real-world exposure; included for completeness as a precisely catalogued CVE in an AI agent search framework.
Attack vector
The _deduplicate_results function in InsightEngine/agent.py performs a partial rather than exact string comparison, which a remote attacker can manipulate to bypass deduplication logic and affect search-result handling.
Affected systems
666ghj BettaFish up to 1.2.1
Mitigation
Upgrade past 1.2.1 or patch _deduplicate_results to use exact comparison; check upstream repository for a fix.