CVE-2026-47177
MediumCVSS 5.7Exploitation Probability (EPSS)
Low risk12th percentile — higher than 12% of all known CVEs
Summary
Quest Bot is an opensource modern Discord Bot that prior to version 1.0.4 allowed users to configure bot settings, including the ticket transcript channel. Users could set this channel to one they could read, leading to the exposure of private ticket messages.
Risk Assessment
The exposure of private ticket messages may lead to breaches of user privacy and trust in the support system. Organizations could be at risk of information leaks.
Recommendation
It is recommended to update the bot to version 1.0.4 or later to mitigate this vulnerability. Additionally, review and adjust the bot's configuration settings to minimize the risk of information exposure.
Original NVD description (English source)
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can set the ticket transcript channel to a channel they can read. When tickets are closed, the bot exports the full ticket history and sends it to that configured transcript channel. This can expose private ticket messages to users who could not read the original ticket channel. This issue has been patched in version 1.0.4.

