CVE Catalog

CVE-2026-47163

HighCVSS 7.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

12th percentile - higher than 12% of all known CVEs

Summary

Quest Bot is a modern Discord bot designed for moderation, utilities, and support. In versions prior to 1.0.1, any guild member could use the /automod add, /automod remove, and /automod list commands, allowing them to add moderation rules without proper permissions.

Risk Assessment

An attacker could add a rule matching common text, resulting in the bot deleting other users' messages. This poses a risk of abuse and disruption of communication within the community.

Recommendation

It is recommended to update the bot to version 1.0.1 to eliminate this vulnerability. Additionally, implementing proper permission checks for moderation commands is advisable.

Original NVD description (English source)

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.1, any guild member who can invoke slash commands can use /automod add, /automod remove, and /automod list because the command has no Discord default permission requirement and no runtime moderator permission check. An attacker can add a rule matching common text and make the bot delete other users’ messages. This issue has been patched in version 1.0.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS