CVE-2026-47175

Sažetak

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo user-controlled reason text in public bot replies without disabling mention parsing. A moderator who does not have permission to mention everyone can still make the bot send @everyone or @here if the bot has that permission. This issue has been patched in version 1.0.4.

Reference

https://github.com/duck-organization/questbot/releases/tag/questbot-v1.0.4
https://github.com/duck-organization/questbot/security/advisories/GHSA-556x-7wgq-25fp

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

11-06-2026 - 20:58

Objavljeno

11-06-2026 - 19:16