CVE-2026-47189
HighCVSS 8.3Exploitation Probability (EPSS)
Low risk13th percentile - higher than 13% of all known CVEs
Summary
Quest Bot is a modern Discord bot that prior to version 1.0.5 had a vulnerability in the AutoMod feature, allowing the removal of rules without verifying their association with the server. A user could identify the victim guild's AutoMod rule ID and remove it from another guild where they had Manage Server permissions.
Risk Assessment
This vulnerability could lead to unauthorized removal of moderation rules on servers, potentially disrupting community operations and causing chaos in server management.
Recommendation
It is recommended to update Quest Bot to version 1.0.5 or later to mitigate this vulnerability.
Original NVD description (English source)
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the AutoMod remove flow looks up and deletes rules by global database ID without verifying that the rule belongs to the guild where the command is executed. A user can learn a victim guild’s AutoMod rule ID through autocomplete, then remove that rule from another guild where they have Manage Server. This issue has been patched in version 1.0.5.

