CVE-2026-47175
LowCVSS 2.3Exploitation Probability (EPSS)
Low risk15th percentile — higher than 15% of all known CVEs
Summary
Quest Bot is a modern Discord bot designed for moderation, utilities, and support. In versions prior to 1.0.4, several moderation commands echoed user-controlled reason text in public bot replies without disabling mention parsing.
Risk Assessment
Moderators without permission to mention everyone can exploit this vulnerability to make the bot send @everyone or @here messages if the bot has that permission. This could lead to unauthorized user notifications.
Recommendation
It is recommended to update the bot to version 1.0.4 or later to mitigate this vulnerability.
Original NVD description (English source)
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo user-controlled reason text in public bot replies without disabling mention parsing. A moderator who does not have permission to mention everyone can still make the bot send @everyone or @here if the bot has that permission. This issue has been patched in version 1.0.4.

