CVE-2026-47197
HighCVSS 7.2Exploitation Probability (EPSS)
Low risk12th percentile - higher than 12% of all known CVEs
Summary
Quest Bot is an open-source Discord bot that prior to version 1.1.6 allowed moderators with the relevant permissions to moderate users above them in the Discord role hierarchy, as long as the bot itself outranked the target. This bypasses Discord's normal role hierarchy protections.
Risk Assessment
The organization may be exposed to unauthorized actions from lower-ranked moderators who can ban or modify higher-ranked users' accounts, potentially leading to chaos and loss of trust within the community.
Recommendation
It is recommended to update the bot to version 1.1.6 to mitigate this vulnerability and review moderator permissions to ensure appropriate levels of control.
Original NVD description (English source)
Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate users above them in the Discord role hierarchy, as long as the bot itself outranks the target. This bypasses Discord’s normal role hierarchy protections and lets lower-ranked moderators ban, kick, timeout, untimeout, warn, or rename higher-ranked users. This issue has been patched in version 1.1.6.

