CVE-2026-47189
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support
Published: 2026-06-11 · Last updated: 2026-06-11
Severity and scoring
- CWE
- CWE-639
Description
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the AutoMod remove flow looks up and deletes rules by global database ID without verifying that the rule belongs to the guild where the command is executed. A user can learn a victim guild’s AutoMod rule ID through autocomplete, then remove that rule from another guild where they have Manage Server. This issue has been patched in version 1.0.5.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-47189
- [Other]https://github.com/duck-organization/questbot/releases/tag/questbot-v1.0.5
- [Other]https://github.com/duck-organization/questbot/security/advisories/GHSA-6rv9-6p24-w955
- [Other]https://github.com/duck-organization/questbot/security/advisories/GHSA-6rv9-6p24-w955
Related CVEs
Same CWE
- CVE-2026-47238 — ClipBucket v5 is an open source video sharing platform (6.5 MEDIUM)
- CVE-2026-7787 — IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authenticatio... (7.5 HIGH)
- CVE-2026-8406 — openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module
- CVE-2026-6976 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.... (3.7 LOW)
- CVE-2026-6552 — GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2... (8.7 HIGH)