CVE-2026-47171
Essential information
- Published
- 11/06/2026 21:16
- Modified
- 11/06/2026 20:58
- Author
- The MITRE Corporation
- Creator
- The MITRE Corporation
- CVSS
- 8.8 HIGH (v3) 8.8 HIGH (v4.0)
- CISA KEV
- No
- CWE
- CWE-116
- CVSS vector
-
—
—
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Privileges required
- —
- User interaction
- —
- Scope
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- Network
- Attack complexity
- Low
- Attack requirements
- None
- Privileges required
- None
- User interaction
- None
- Confidentiality (V)
- None
- Confidentiality (S)
- None
- Integrity (V)
- High
- Integrity (S)
- None
- Availability (V)
- Low
- Availability (S)
- None
- Exploit maturity
- NOT_DEFINED
Description
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a reminder whose message contains @everyone or @here. When the reminder triggers, the bot sends the stored message back into the channel without suppressing mass mentions. If the bot has permission to mention everyone, the reminder can ping the entire server or channel later. This issue has been patched in version 1.0.3.
NVD status
- Status
- Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| quest / quest bot | cpe:2.3:a:quest:quest_bot:<1.0.3:*:*:*:*:*:*:* |