CVE Catalog

CVE-2026-47177

MediumCVSS 5.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

12th percentile — higher than 12% of all known CVEs

Summary

Quest Bot is an opensource modern Discord Bot that prior to version 1.0.4 allowed users to configure bot settings, including the ticket transcript channel. Users could set this channel to one they could read, leading to the exposure of private ticket messages.

Risk Assessment

The exposure of private ticket messages may lead to breaches of user privacy and trust in the support system. Organizations could be at risk of information leaks.

Recommendation

It is recommended to update the bot to version 1.0.4 or later to mitigate this vulnerability. Additionally, review and adjust the bot's configuration settings to minimize the risk of information exposure.

Original NVD description (English source)

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can set the ticket transcript channel to a channel they can read. When tickets are closed, the bot exports the full ticket history and sends it to that configured transcript channel. This can expose private ticket messages to users who could not read the original ticket channel. This issue has been patched in version 1.0.4.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS