Discord
Products
2- 6 CVEs
- 1 CVE
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-23739 | Cri | 0.64 | 9.8 | 0.02 | Jan 28, 2024 | An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. | ||
| CVE-2021-26918 | Cri | 0.64 | 9.8 | 0.03 | Feb 9, 2021 | The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature (or possibly have unspecified other impact) because the uploader web service allows double extensions (such as… | ||
| CVE-2026-0776 | Hig | 0.47 | 7.3 | 0.00 | Jan 23, 2026 | Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the ability to execute low-privileged code on the… | ||
| CVE-2025-26604 | Hig | 0.47 | 8.3 | 0.00 | Feb 18, 2025 | Discord-Bot-Framework-Kernel is a Discord bot framework built with interactions.py, featuring modular extension management and secure execution. Because of the nature of arbitrary user-submited code execution, this allows user to execute potentially malicious code to perform… | ||
| CVE-2025-4525 | Hig | 0.46 | 7.0 | 0.00 | May 10, 2025 | A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The… | ||
| CVE-2025-0732 | Med | 0.29 | 4.5 | 0.00 | Jan 27, 2025 | A vulnerability, which was classified as problematic, has been found in Discord up to 1.0.9177 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to untrusted search path. The attack needs to be approached locally.… | ||
| CVE-2026-24332 | Med | 0.28 | 4.3 | 0.00 | Jan 22, 2026 | Discord through 2026-01-16 allows gathering information about whether a user's client state is Invisible (and not actually offline) because the response to a WebSocket API request includes the user in the presences array (with "status": "offline"), whereas offline users are… |
- risk 0.64cvss 9.8epss 0.02
An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.
- risk 0.64cvss 9.8epss 0.03
The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature (or possibly have unspecified other impact) because the uploader web service allows double extensions (such as…
- risk 0.47cvss 7.3epss 0.00
Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the ability to execute low-privileged code on the…
- risk 0.47cvss 8.3epss 0.00
Discord-Bot-Framework-Kernel is a Discord bot framework built with interactions.py, featuring modular extension management and secure execution. Because of the nature of arbitrary user-submited code execution, this allows user to execute potentially malicious code to perform…
- risk 0.46cvss 7.0epss 0.00
A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The…
- risk 0.29cvss 4.5epss 0.00
A vulnerability, which was classified as problematic, has been found in Discord up to 1.0.9177 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to untrusted search path. The attack needs to be approached locally.…
- risk 0.28cvss 4.3epss 0.00
Discord through 2026-01-16 allows gathering information about whether a user's client state is Invisible (and not actually offline) because the response to a WebSocket API request includes the user in the presences array (with "status": "offline"), whereas offline users are…