CVE-2026-47175
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support
Published: 2026-06-11 · Last updated: 2026-06-13
Severity and scoring
- CWE
- CWE-116
Description
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo user-controlled reason text in public bot replies without disabling mention parsing. A moderator who does not have permission to mention everyone can still make the bot send @everyone or @here if the bot has that permission. This issue has been patched in version 1.0.4.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-47175
- [Other]https://github.com/duck-organization/questbot/releases/tag/questbot-v1.0.4
- [Other]https://github.com/duck-organization/questbot/security/advisories/GHSA-556x-7wgq-25fp
- [Other]https://github.com/duck-organization/questbot/security/advisories/GHSA-556x-7wgq-25fp
Related CVEs
Same CWE
- CVE-2026-45011 — ApostropheCMS is an open-source Node.js content management system (7.3 HIGH)
- CVE-2026-54133 — jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP app... (9.8 CRITICAL)
- CVE-2026-48485 — Quest Bot is an opensource Discord Bot
- CVE-2026-47188 — Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support
- CVE-2026-47173 — Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support