← voltar
CVE-2026-47163

Quest Bot: Unprivileged users can create and remove AutoMod rules.

CVSS 7.2 HIGHEPSS 0.2%CWE-862
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.2EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
11 jun 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.1, any guild member who can invoke slash commands can use /automod add, /automod remove, and /automod list because the command has no Discord default permission requirement and no runtime moderator permission check. An attacker can add a rule matching common text and make the bot delete other users’ messages. This issue has been patched in version 1.0.1.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
duck-organization · quest-bot

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/duck-organization/questbot/releases/tag/questbot-v1.0.1https://github.com/duck-organization/questbot/security/advisories/GHSA-rphh-4h68-qr3j