CVE-2026-47176
MediumCVSS 5.7Exploitation Probability (EPSS)
Low risk12th percentile — higher than 12% of all known CVEs
Summary
Quest Bot is an open-source modern Discord Bot that, prior to version 1.0.4, allowed users to configure logging settings, resulting in the logging of deleted and edited message contents from every channel, including private ones that the configuring user could not access.
Risk Assessment
Organizations may be at risk of leaking sensitive information as the bot logs messages from channels that the user should not have access to.
Recommendation
It is recommended to update the bot to version 1.0.4 to mitigate this vulnerability and restrict access to logging settings to trusted users.
Original NVD description (English source)
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channel they can read. The bot then logs deleted and edited message contents from every channel it can see, including private channels the configuring user cannot access. This issue has been patched in version 1.0.4.

