PatchSiren cyber security CVE debrief
CVE-2026-47171 duck-organization CVE debrief
CVE-2026-47171 is a high-severity vulnerability in Quest Bot, a Discord bot, allowing normal users to create reminders that trigger mass mentions, potentially pinging the entire server or channel. This issue was patched in version 1.0.3.
- Vendor: duck-organization
- Product: quest-bot
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-11
Who should care
Users of Quest Bot, particularly on servers where the bot has permission to mention everyone, should be aware of this vulnerability and ensure they are running version 1.0.3 or later to prevent potential abuse.
Technical summary
Quest Bot, a Discord bot for moderation, utilities, and support, had a vulnerability prior to version 1.0.3. A normal user could create a reminder with a message containing @everyone or @here. When triggered, the bot would send the stored message back into the channel without suppressing mass mentions. If the bot had permission to mention everyone, this could result in the entire server or channel being pinged.
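The mitigation pattern for this class of bug, as an added example (not Quest Bot's code and not its 1.0.3 patch): a due reminder is sent with Discord's `allowed_mentions` field restricted so user-supplied text cannot trigger @everyone or @here. The function names are hypothetical, the reminder text is constructed, and `would_mass_ping` is a simplified model of Discord's behaviour used only to check payloads.

```python
import re

# Zero-width space breaks the literal token so it is no longer a mention.
ZWSP = "\u200b"
MASS_MENTION = re.compile(r"@(everyone|here)")


def neutralize_mass_mentions(text: str) -> str:
    """Defence in depth: make @everyone/@here inert in stored reminder text."""
    return MASS_MENTION.sub(lambda m: "@" + ZWSP + m.group(1), text)


def build_reminder_payload(owner_id: str, text: str) -> dict:
    """JSON body for Discord's Create Message endpoint for a due reminder.

    allowed_mentions.parse = [] disables every mention parsed from content;
    the users list then re-enables a ping for the reminder's owner only.
    """
    return {
        "content": f"<@{owner_id}> reminder: {neutralize_mass_mentions(text)}",
        "allowed_mentions": {"parse": [], "users": [owner_id]},
    }


def would_mass_ping(payload: dict, bot_can_mention_everyone: bool) -> bool:
    """Simplified model of Discord's rule, for checking payloads in tests.

    A message pings everyone only if the content holds a literal mass mention,
    the bot has the permission, and allowed_mentions is absent or its parse
    list includes "everyone".
    """
    if not bot_can_mention_everyone:
        return False
    if not MASS_MENTION.search(payload.get("content", "")):
        return False
    allowed = payload.get("allowed_mentions")
    return allowed is None or "everyone" in allowed.get("parse", [])


if __name__ == "__main__":
    stored = "standup in 5 @everyone"  # constructed reminder text
    unpatched = {"content": stored}    # stored text echoed back, as described above
    print(would_mass_ping(unpatched, True))
    print(would_mass_ping(build_reminder_payload("1234567890", stored), True))
```

The `allowed_mentions` restriction is the primary control; the zero-width-space rewrite only covers code paths that forget to set it.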
Defensive priority
High
Recommended defensive actions
- Update Quest Bot to version 1.0.3 or later to patch the vulnerability.
- Review and adjust bot permissions to prevent unnecessary mentions.
Evidence notes
CVE-2026-47171 has a CVSS score of 8.8 and is considered HIGH severity. It was published on 2026-06-11T19:16:45.080Z and modified on 2026-06-11T20:58:18.123Z.
Official resources
CVE-2026-47171 was published on 2026-06-11T19:16:45.080Z and modified on 2026-06-11T20:58:18.123Z.