CVE-2026-47196

Source
https://cve.org/CVERecord?id=CVE-2026-47196
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-47196.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-47196
Aliases
  • GHSA-fgwg-6px5-cxp5
Published
2026-06-12T11:51:35.814Z
Modified
2026-07-15T01:49:05.176385503Z
Severity
  • 8.4 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:H/SA:H CVSS Calculator
Summary
Quest Bot: Empty automod rule causes every guild message to be deleted
Details

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject an empty result. Adding a rule containing only whitespace stores an empty word. The message listener later checks content.includes(""), which is always true, causing the bot to delete every non-bot guild message. This issue has been patched in version 1.1.6.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-20"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/47xxx/CVE-2026-47196.json"
}
References

Affected packages

Git / github.com/duck-organization/questbot

Affected ranges

Type
GIT
Repo
https://github.com/duck-organization/questbot
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.1.6"
        }
    ]
}

Affected versions

questbot-v1.*
questbot-v1.0.1
questbot-v1.0.2
questbot-v1.0.3
questbot-v1.0.4
questbot-v1.0.5
questbot-v1.1.0
questbot-v1.1.1
questbot-v1.1.2
questbot-v1.1.3
questbot-v1.1.4
questbot-v1.1.5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-47196.json"