CVE-2026-47163
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support
Published: 2026-06-11 · Last updated: 2026-06-11
Severity and scoring
- CWE
- CWE-862
Description
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.1, any guild member who can invoke slash commands can use /automod add, /automod remove, and /automod list because the command has no Discord default permission requirement and no runtime moderator permission check. An attacker can add a rule matching common text and make the bot delete other users’ messages. This issue has been patched in version 1.0.1.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-47163
- [Other]https://github.com/duck-organization/questbot/releases/tag/questbot-v1.0.1
- [Other]https://github.com/duck-organization/questbot/security/advisories/GHSA-rphh-4h68-qr3j
- [Other]https://github.com/duck-organization/questbot/security/advisories/GHSA-rphh-4h68-qr3j
Related CVEs
Same CWE
- CVE-2026-53818 — OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allows non-owner callers to ski... (6.6 MEDIUM)
- CVE-2026-53816 — OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to... (7.2 HIGH)
- CVE-2026-53815 — OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks (6.5 MEDIUM)
- CVE-2026-4764 — A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authentica...
- CVE-2023-32959 — Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security ... (4.3 MEDIUM)