PatchSiren cyber security CVE debrief
CVE-2026-47177 duck-organization CVE debrief
CVE-2026-47177 is a MEDIUM severity vulnerability in Quest Bot, an open-source Discord Bot. A user with bot settings configuration permissions can set the bot's ticket transcript channel to a channel they can read. When tickets are closed, the bot exports the full ticket history and sends it to that configured transcript channel. This can expose private ticket messages to users who could not read the original ticket channel. The vulnerability has been patched in version 1.0.4.
- Vendor: duck-organization
- Product: quest-bot
- CVSS: MEDIUM 5.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-11
Who should care
Users of Quest Bot prior to version 1.0.4 who have configured bot settings.
Technical summary
CVE-2026-47177 is a vulnerability in Quest Bot where a user with bot settings configuration permissions can set the ticket transcript channel to a channel they can read. When tickets are closed, the bot exports the full ticket history and sends it to that configured transcript channel, potentially exposing private ticket messages to unauthorized users.
Defensive priority
MEDIUM
Recommended defensive actions
- Update Quest Bot to version 1.0.4 or later.
- Review and restrict bot settings configuration permissions to trusted users.
- Verify that the ticket transcript channel is set to a channel that only authorized users can read.
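The verification in the last action can be run offline against an export of the server's roles and channel permission overwrites. The following is an added example, not Quest Bot code: it applies Discord's documented permission-overwrite order to a constructed snapshot and lists members who can read a candidate transcript channel but not the ticket channel. The snapshot layout, ids and function names are assumptions.

```python
# Added example (not Quest Bot code); snapshot layout and names are hypothetical.
VIEW_CHANNEL = 1 << 10    # Discord permission bit
ADMINISTRATOR = 1 << 3    # Discord permission bit; bypasses channel overwrites
ALLOW, DENY = (VIEW_CHANNEL, 0), (0, VIEW_CHANNEL)   # (allow, deny) bit pairs

def can_view(member, channel, guild):
    """Apply Discord's documented permission-overwrite order for one member."""
    if member["id"] == guild["owner_id"]:
        return True
    # Base permissions: @everyone role (its id equals the guild id) plus member roles.
    perms = guild["roles"][guild["id"]]
    for rid in member["roles"]:
        perms |= guild["roles"][rid]
    if perms & ADMINISTRATOR:
        return True
    ow = channel["overwrites"]          # id -> (allow, deny)
    # Order: @everyone overwrite, then all role overwrites combined, then member.
    allow, deny = ow.get(guild["id"], (0, 0))
    perms = (perms & ~deny) | allow
    r_allow = r_deny = 0
    for rid in member["roles"]:
        a, d = ow.get(rid, (0, 0))
        r_allow, r_deny = r_allow | a, r_deny | d
    perms = (perms & ~r_deny) | r_allow
    allow, deny = ow.get(member["id"], (0, 0))
    perms = (perms & ~deny) | allow
    return bool(perms & VIEW_CHANNEL)

def transcript_overexposure(guild, transcript_id, ticket_id):
    """Members who can read the transcript channel but not the ticket channel."""
    t, k = guild["channels"][transcript_id], guild["channels"][ticket_id]
    return sorted(m["id"] for m in guild["members"]
                  if can_view(m, t, guild) and not can_view(m, k, guild))

# Constructed sample snapshot; every id below is made up.
GUILD = {
    "id": "g", "owner_id": "owner",
    "roles": {"g": VIEW_CHANNEL, "staff": 0, "botcfg": 0},
    "members": [
        {"id": "owner", "roles": []},
        {"id": "alice", "roles": ["staff"]},    # ticket staff
        {"id": "bob", "roles": ["botcfg"]},     # can configure the bot, not staff
        {"id": "carol", "roles": []},           # ticket opener
    ],
    "channels": {
        "ticket-1": {"overwrites": {"g": DENY, "staff": ALLOW, "carol": ALLOW}},
        "transcripts": {"overwrites": {"g": DENY, "staff": ALLOW}},
        "bot-admin": {"overwrites": {"g": DENY, "botcfg": ALLOW}},
    },
}
```

An empty result for the configured transcript channel means no member gains access to ticket history that they lacked on the ticket itself; any id returned is a reader to remove or a reason to pick a different channel.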
Evidence notes
The CVE-2026-47177 vulnerability has been patched in version 1.0.4 of Quest Bot. Users can find more information about the patch and the vulnerability at ref-4 and ref-5.
Official resources
CVE-2026-47177 was published on 2026-06-11T19:16:46.047Z and modified on 2026-06-11T20:58:18.123Z.