ByteOS Network

CVE Vulnerability Details :

CVE-2026-47175

PUBLISHED

More Info Official Page

Assigner-GitHub_M

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-11 Jun, 2026 | 18:29

Updated At-11 Jun, 2026 | 18:29

▼CVE Numbering Authority (CNA)

Quest Bot: Moderation reason fields allow bot-powered `@everyone` / `@here` pings

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo user-controlled reason text in public bot replies without disabling mention parsing. A moderator who does not have permission to mention everyone can still make the bot send @everyone or @here if the bot has that permission. This issue has been patched in version 1.0.4.

Affected Products

Vendor

duck-organization

Product

quest-bot

Versions

Affected

< 1.0.4

Problem Types

Type	CWE ID	Description
CWE	CWE-116	CWE-116: Improper Encoding or Escaping of Output

Type: CWE

CWE ID: CWE-116

Description: CWE-116: Improper Encoding or Escaping of Output

Metrics

Version	Base score	Base severity	Vector
4.0	2.3	LOW	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Version: 4.0

Base score: 2.3

Base severity: LOW

Vector:

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

References

Hyperlink	Resource
https://github.com/duck-organization/questbot/security/advisories/GHSA-556x-7wgq-25fp	x_refsource_CONFIRM
https://github.com/duck-organization/questbot/releases/tag/questbot-v1.0.4	x_refsource_MISC

Hyperlink: https://github.com/duck-organization/questbot/security/advisories/GHSA-556x-7wgq-25fp

Resource:

x_refsource_CONFIRM

Hyperlink: https://github.com/duck-organization/questbot/releases/tag/questbot-v1.0.4

Resource:

x_refsource_MISC

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References