CVE-2026-47169
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk11th percentile - higher than 11% of all known CVEs
Summary
Quest Bot is a modern Discord bot that prior to version 1.0.3 had a vulnerability allowing users with Manage Server / ManageGuild permissions to assign arbitrary roles to new members. If the selected role had Administrator permissions and was below the bot's highest role, an attacker could gain full server admin rights.
Risk Assessment
The organization may be at risk of unauthorized users taking control of the Discord server, leading to potential abuse and data loss.
Recommendation
It is recommended to update the bot to version 1.0.3 or later and to review and restrict user permissions to prevent similar attacks.
Original NVD description (English source)
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a user with Manage Server / ManageGuild, but without Manage Roles or Administrator, can configure the bot’s AutoRole feature to assign an arbitrary role to new members. If the selected role has Administrator and is below the bot’s highest role, the attacker can join with a controlled account and receive full server admin. This issue has been patched in version 1.0.3.

