CVE-2026-47163
HighCVSS 7.2Exploitation Probability (EPSS)
Low risk12th percentile - higher than 12% of all known CVEs
Summary
Quest Bot is a modern Discord bot designed for moderation, utilities, and support. In versions prior to 1.0.1, any guild member could use the /automod add, /automod remove, and /automod list commands, allowing them to add moderation rules without proper permissions.
Risk Assessment
An attacker could add a rule matching common text, resulting in the bot deleting other users' messages. This poses a risk of abuse and disruption of communication within the community.
Recommendation
It is recommended to update the bot to version 1.0.1 to eliminate this vulnerability. Additionally, implementing proper permission checks for moderation commands is advisable.
Original NVD description (English source)
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.1, any guild member who can invoke slash commands can use /automod add, /automod remove, and /automod list because the command has no Discord default permission requirement and no runtime moderator permission check. An attacker can add a rule matching common text and make the bot delete other users’ messages. This issue has been patched in version 1.0.1.

