CVE Catalog

CVE-2026-47169

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

11th percentile - higher than 11% of all known CVEs

Summary

Quest Bot is a modern Discord bot that prior to version 1.0.3 had a vulnerability allowing users with Manage Server / ManageGuild permissions to assign arbitrary roles to new members. If the selected role had Administrator permissions and was below the bot's highest role, an attacker could gain full server admin rights.

Risk Assessment

The organization may be at risk of unauthorized users taking control of the Discord server, leading to potential abuse and data loss.

Recommendation

It is recommended to update the bot to version 1.0.3 or later and to review and restrict user permissions to prevent similar attacks.

Original NVD description (English source)

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a user with Manage Server / ManageGuild, but without Manage Roles or Administrator, can configure the bot’s AutoRole feature to assign an arbitrary role to new members. If the selected role has Administrator and is below the bot’s highest role, the attacker can join with a controlled account and receive full server admin. This issue has been patched in version 1.0.3.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS