CVE-2026-47176

Source
https://cve.org/CVERecord?id=CVE-2026-47176
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-47176.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-47176
Aliases
  • GHSA-fvvp-8g5q-hrc7
Published
2026-06-11T18:29:55.933Z
Modified
2026-07-08T08:05:18.117168744Z
Severity
  • 5.7 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Quest Bot: Logging module can disclose private-channel message contents to a lower-visibility log channel
Details

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channel they can read. The bot then logs deleted and edited message contents from every channel it can see, including private channels the configuring user cannot access. This issue has been patched in version 1.0.4.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/47xxx/CVE-2026-47176.json",
    "cwe_ids": [
        "CWE-200"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/duck-organization/questbot

Affected ranges

Type
GIT
Repo
https://github.com/duck-organization/questbot
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.0.4"
        }
    ]
}

Affected versions

questbot-v1.*
questbot-v1.0.1
questbot-v1.0.2
questbot-v1.0.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-47176.json"