CVE-2026-47188
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support
Published: 2026-06-11 · Last updated: 2026-06-13
Severity and scoring
- CWE
- CWE-116
Description
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the latest release suppresses mentions in several moderation commands, but /unban and /unwarn still echo user-controlled reason text in public bot messages without allowedMentions. A moderator can use @everyone or @here in the reason and make the bot send a mass ping. This issue has been patched in version 1.0.5.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-47188
- [Other]https://github.com/duck-organization/questbot/releases/tag/questbot-v1.0.5
- [Other]https://github.com/duck-organization/questbot/security/advisories/GHSA-r978-qqg9-vvxw
- [Other]https://github.com/duck-organization/questbot/security/advisories/GHSA-r978-qqg9-vvxw
Related CVEs
Same CWE
- CVE-2026-45011 — ApostropheCMS is an open-source Node.js content management system (7.3 HIGH)
- CVE-2026-54133 — jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP app... (9.8 CRITICAL)
- CVE-2026-48485 — Quest Bot is an opensource Discord Bot
- CVE-2026-47175 — Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support
- CVE-2026-47173 — Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support