CVE-2026-47163

Source
https://cve.org/CVERecord?id=CVE-2026-47163
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-47163.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-47163
Aliases
  • GHSA-rphh-4h68-qr3j
Published
2026-06-11T18:27:40.902Z
Modified
2026-07-08T08:13:38.063587862Z
Severity
  • 7.2 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
Quest Bot: Unprivileged users can create and remove AutoMod rules.
Details

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.1, any guild member who can invoke slash commands can use /automod add, /automod remove, and /automod list because the command has no Discord default permission requirement and no runtime moderator permission check. An attacker can add a rule matching common text and make the bot delete other users’ messages. This issue has been patched in version 1.0.1.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/47xxx/CVE-2026-47163.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-862"
    ]
}
References

Affected packages

Git / github.com/duck-organization/questbot

Affected ranges

Type
GIT
Repo
https://github.com/duck-organization/questbot
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.0.1"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-47163.json"