PatchSiren cyber security CVE debrief
CVE-2026-47176 duck-organization CVE debrief
CVE-2026-47176 is a sensitive information disclosure vulnerability in Quest Bot, a modern Discord Bot built for moderation, utilities, and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channel they can read. The bot then logs deleted and edited message contents from every channel it can see, including private channels the configuring user cannot access. This issue has been patched in version 1.0.4.
- Vendor: duck-organization
- Product: quest-bot
- CVSS: MEDIUM 5.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-11
Who should care
Users of Quest Bot prior to version 1.0.4, in particular those who can configure bot settings or who have access to logging channels.
Technical summary
The vulnerability has a CVSS score of 5.7 and is classified as MEDIUM severity. It is a sensitive information disclosure: once a user with bot settings access enables logging and chooses a logging channel, the bot logs deleted and edited message contents from all channels it can see, including private ones, into that channel.
Defensive priority
MEDIUM
Recommended defensive actions
- Update Quest Bot to version 1.0.4 or later.
- Review and restrict logging channel access to only necessary users.
- Monitor bot activity and logging channels for potential misuse.
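One way to carry out the logging-channel review above, as an added example that is not Quest Bot's code or its 1.0.4 patch: it compares who can read the logging channel with who can read each channel the bot sees, and reports the members who would receive content they cannot otherwise access. The channel names, member names, permission sets and function names are constructed for illustration.

```python
# Constructed model: channel name -> set of members who can read it.
# In a real server these sets come from the role and permission configuration.
CHANNEL_READERS = {
    "general":    {"alice", "bob", "carol", "mod_dave"},
    "staff-only": {"alice", "mod_dave"},
    "hr-private": {"alice"},
    "bot-logs":   {"alice", "mod_dave", "bob"},  # the chosen logging channel
}
# Channels the bot can see (assumption: the bot has broad read access).
BOT_VISIBLE = {"general", "staff-only", "hr-private"}


def exposed_readers(source, log_channel, readers=CHANNEL_READERS):
    """Members who can read the log channel but not the source channel."""
    return readers[log_channel] - readers[source]


def audit_logging(log_channel, visible=BOT_VISIBLE, readers=CHANNEL_READERS):
    """Map each bot-visible channel to the members its logged content would
    reach without their having access to the channel itself.
    An empty result means the logging channel exposes nothing new."""
    report = {}
    for source in sorted(visible):
        leaked_to = exposed_readers(source, log_channel, readers)
        if leaked_to:
            report[source] = sorted(leaked_to)
    return report


def should_forward(source, log_channel, readers=CHANNEL_READERS):
    """Guard for a delete/edit log handler (hypothetical): forward message
    content only when every reader of the log channel can already read
    the source channel."""
    return not exposed_readers(source, log_channel, readers)


if __name__ == "__main__":
    for channel, members in audit_logging("bot-logs").items():
        print(f"{channel}: logged content would reach {', '.join(members)}")
```
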
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information is available at [ref-4] and [ref-5].
Official resources
CVE-2026-47176 was published on 2026-06-11T19:16:45.880Z and modified on 2026-06-11T20:58:18.123Z.