CVE Catalog

CVE-2026-48485

LowCVSS 2.1
Published: Updated: Translated: NVD NIST

Summary

Quest Bot is an open-source Discord bot that prior to version 1.1.6 did not suppress mentions when invoking the /warns command, potentially leading to mass pings of users.

Risk Assessment

The ability to mass ping users can disrupt communication on the server and frustrate users, which may impact the organization's reputation.

Recommendation

It is recommended to update the bot to version 1.1.6 or later to eliminate the issue with uncontrolled mentions.

Original NVD description (English source)

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the latest release suppresses mentions when creating, unbanning, unwarning, kicking, muting, and unmuting, but stored warning reasons are still printed by /warns without mention suppression. A moderator can create a warning with @everyone or @here in the reason, then make the bot later output that reason through /warns, causing a mass ping if the bot has permission. This issue has been patched in version 1.1.6.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS