CVE-2026-47176 MEDIUM

CVE-2026-47176: Quest Bot: Logging module can disclose private-channel message contents to a lower-visibility log channel

Vendor Duck-Organization
Product quest-bot
Weakness CWE-200 · Info exposure
Published June 11, 2026
Last update June 11, 2026

CVSS base score

5.7/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channel they can read. The bot then logs deleted and edited message contents from every channel it can see, including private channels the configuring user cannot access. This issue has been patched in version 1.0.4.

Key dates

02Disclosure timeline

June 11, 2026 CVE published
June 11, 2026 Record updated