CVE Catalog

CVE-2026-47171

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

13th percentile - higher than 13% of all known CVEs

Summary

Quest Bot is a modern Discord bot designed for moderation, utilities, and support. In versions prior to 1.0.3, a normal user could create a reminder containing @everyone or @here, resulting in mass notifications when triggered.

Risk Assessment

The risk is that users may inadvertently or intentionally trigger mass notifications, which can disrupt server or channel operations.

Recommendation

It is recommended to update the bot to version 1.0.3 to eliminate the possibility of mass notifications from reminders.

Original NVD description (English source)

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a reminder whose message contains @everyone or @here. When the reminder triggers, the bot sends the stored message back into the channel without suppressing mass mentions. If the bot has permission to mention everyone, the reminder can ping the entire server or channel later. This issue has been patched in version 1.0.3.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS