CVE-2026-47176

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channel they can read. The bot then logs deleted and edited message contents from every channel it can see, including private channels the configuring user cannot access. This issue has been patched in version 1.0.4.

CVSS

No CVSS.

References

Link	Resource
https://github.com/duck-organization/questbot/releases/tag/questbot-v1.0.4
https://github.com/duck-organization/questbot/security/advisories/GHSA-fvvp-8g5q-hrc7
https://github.com/duck-organization/questbot/security/advisories/GHSA-fvvp-8g5q-hrc7

Configurations

No configuration.

History

11 Jun 2026, 20:16

Type	Values Removed	Values Added
References	~~() https://github.com/duck-organization/questbot/security/advisories/GHSA-fvvp-8g5q-hrc7 -~~	() https://github.com/duck-organization/questbot/security/advisories/GHSA-fvvp-8g5q-hrc7 -

11 Jun 2026, 19:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-06-11 19:16

Updated : 2026-06-11 20:58

NVD link : CVE-2026-47176

Mitre link : CVE-2026-47176

CVE.ORG link : CVE-2026-47176

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2026-47176", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-06-11T19:16:45.880", "references": [{"url": "https://github.com/duck-organization/questbot/releases/tag/questbot-v1.0.4", "source": "security-advisories@github.com"}, {"url": "https://github.com/duck-organization/questbot/security/advisories/GHSA-fvvp-8g5q-hrc7", "source": "security-advisories@github.com"}, {"url": "https://github.com/duck-organization/questbot/security/advisories/GHSA-fvvp-8g5q-hrc7", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channel they can read. The bot then logs deleted and edited message contents from every channel it can see, including private channels the configuring user cannot access. This issue has been patched in version 1.0.4."}], "lastModified": "2026-06-11T20:58:18.123", "sourceIdentifier": "security-advisories@github.com"}