CVE-2026-47196

Sažetak

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject an empty result. Adding a rule containing only whitespace stores an empty word. The message listener later checks content.includes(""), which is always true, causing the bot to delete every non-bot guild message. This issue has been patched in version 1.1.6.

Reference

https://github.com/duck-organization/questbot/releases/tag/questbot-v1.1.6
https://github.com/duck-organization/questbot/security/advisories/GHSA-fgwg-6px5-cxp5
https://github.com/duck-organization/questbot/security/advisories/GHSA-fgwg-6px5-cxp5

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

12-06-2026 - 16:16

Objavljeno

12-06-2026 - 13:16