CVE Catalog

CVE-2026-47189

HighCVSS 8.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

13th percentile - higher than 13% of all known CVEs

Summary

Quest Bot is a modern Discord bot that prior to version 1.0.5 had a vulnerability in the AutoMod feature, allowing the removal of rules without verifying their association with the server. A user could identify the victim guild's AutoMod rule ID and remove it from another guild where they had Manage Server permissions.

Risk Assessment

This vulnerability could lead to unauthorized removal of moderation rules on servers, potentially disrupting community operations and causing chaos in server management.

Recommendation

It is recommended to update Quest Bot to version 1.0.5 or later to mitigate this vulnerability.

Original NVD description (English source)

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the AutoMod remove flow looks up and deletes rules by global database ID without verifying that the rule belongs to the guild where the command is executed. A user can learn a victim guild’s AutoMod rule ID through autocomplete, then remove that rule from another guild where they have Manage Server. This issue has been patched in version 1.0.5.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS