CVE Catalog

CVE-2026-47197

HighCVSS 7.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

12th percentile - higher than 12% of all known CVEs

Summary

Quest Bot is an open-source Discord bot that prior to version 1.1.6 allowed moderators with the relevant permissions to moderate users above them in the Discord role hierarchy, as long as the bot itself outranked the target. This bypasses Discord's normal role hierarchy protections.

Risk Assessment

The organization may be exposed to unauthorized actions from lower-ranked moderators who can ban or modify higher-ranked users' accounts, potentially leading to chaos and loss of trust within the community.

Recommendation

It is recommended to update the bot to version 1.1.6 to mitigate this vulnerability and review moderator permissions to ensure appropriate levels of control.

Original NVD description (English source)

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate users above them in the Discord role hierarchy, as long as the bot itself outranks the target. This bypasses Discord’s normal role hierarchy protections and lets lower-ranked moderators ban, kick, timeout, untimeout, warn, or rename higher-ranked users. This issue has been patched in version 1.1.6.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS