CVE-2026-48485

UNKNOWN 0.0

Quest Bot: Stored warn reasons can still trigger bot-powered mass mentions through `/warns`.

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the latest release suppresses mentions when creating, unbanning, unwarning, kicking, muting, and unmuting, but stored warning reasons are still printed by /warns without mention suppression. A moderator can create a warning with @everyone or @here in the reason, then make the bot later output that reason through /warns, causing a mass ping if the bot has permission. This issue has been patched in version 1.1.6.

CWE	CWE-116
Vendor	duck-organization
Product	questbot
Published	Jun 12, 2026

Stay Ahead of the Next One

Get instant alerts for duck-organization questbot

Be the first to know when new unknown vulnerabilities affecting duck-organization questbot are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

duck-organization / questbot

< 1.1.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/duck-organization/questbot/security/advisories/GHSA-xjm4-8ggw-8jwf github.com: https://github.com/duck-organization/questbot/releases/tag/questbot-v1.1.6