CVE-2026-47195

Sažetak

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They do not check the member’s effective permissions in the channel where the command is run. A user denied channel-level moderation permissions can still delete messages or change slowmode through the bot. This issue has been patched in version 1.1.6.

Reference

https://github.com/duck-organization/questbot/releases/tag/questbot-v1.1.6
https://github.com/duck-organization/questbot/security/advisories/GHSA-2wf8-554w-hrj9
https://github.com/duck-organization/questbot/security/advisories/GHSA-2wf8-554w-hrj9

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

12-06-2026 - 15:56

Objavljeno

12-06-2026 - 13:16