CVE-2026-47189
Deferred - Pending Action

AutoMod Rule Deletion in Quest Bot

Vulnerability report for CVE-2026-47189, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-11

Last updated on: 2026-06-11

Assigner: GitHub, Inc.

Description

Quest Bot is an open-source, modern Discord bot built for moderation, utilities and support. Prior to version 1.0.5, the AutoMod remove flow looks up and deletes rules by global database ID without verifying that the rule belongs to the guild where the command is executed. A user can learn a victim guild's AutoMod rule ID through autocomplete, then remove that rule from another guild where they have Manage Server. This issue has been patched in version 1.0.5.
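As an added illustration (not Quest Bot's own code): the lookup pattern the advisory describes, next to a guild-scoped version that treats a foreign rule exactly like a missing one. The in-memory rule table, its field names and the function names are assumptions made for this example.

```javascript
// Added example, not Quest Bot's code. A constructed stand-in for the bot's
// AutoMod rule table, keyed by a global numeric id (assumed layout).
const rules = new Map([
  [1, { id: 1, guildId: "guild-A", word: "spam" }],
  [2, { id: 2, guildId: "guild-B", word: "scam" }],
]);

// Pre-1.0.5 pattern as described in the advisory (CWE-639): the rule is
// fetched and deleted by its global id alone, so guildId is never consulted.
function removeRuleVulnerable(db, guildId, ruleId) {
  const rule = db.get(ruleId);
  if (!rule) return { ok: false, reason: "not_found" };
  db.delete(ruleId);
  return { ok: true, removedFrom: rule.guildId };
}

// Hardened version: the lookup is scoped to the invoking guild. A rule that
// belongs to another guild yields the same "not_found" as a missing id, so
// the response does not confirm that a foreign id exists.
function removeRuleScoped(db, guildId, ruleId) {
  const rule = db.get(ruleId);
  if (!rule || rule.guildId !== guildId) return { ok: false, reason: "not_found" };
  db.delete(ruleId);
  return { ok: true, removedFrom: rule.guildId };
}

// Autocomplete should apply the same scoping, so ids from other guilds are
// never surfaced to the caller in the first place.
function autocompleteRules(db, guildId) {
  return [...db.values()].filter(r => r.guildId === guildId).map(r => r.id);
}

// Run both variants against fresh copies of the constructed table.
function demo() {
  const vuln = new Map(rules);
  const fixed = new Map(rules);
  return {
    vulnerable: removeRuleVulnerable(vuln, "guild-A", 2), // deletes guild-B's rule
    hardened: removeRuleScoped(fixed, "guild-A", 2),      // refused as not_found
    ownRule: removeRuleScoped(fixed, "guild-B", 2),       // guild-B may delete its own
    autocomplete: autocompleteRules(new Map(rules), "guild-A"), // only id 1
  };
}
```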

Meta Information

Published: 2026-06-11
Last Modified: 2026-06-11
Generated: 2026-07-02
AI Q&A: 2026-06-12
EPSS Evaluated: 2026-06-30

Affected Vendors & Products

Showing 2 associated CPEs

Vendor             Product   Version / Range
duck_organization  questbot  up to 1.0.5 (excluding)
duck_organization  questbot  1.0.5

Exploitability

CWE ID   Description
CWE-639  The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Executive Summary

CVE-2026-47189 is a vulnerability in the Quest Bot's AutoMod system for Discord. Before version 1.0.5, when removing AutoMod rules, the system looked up and deleted rules by a global database ID without checking if the rule belonged to the guild where the command was executed.

An attacker can exploit this by obtaining a victim guild’s AutoMod rule ID through autocomplete, then using the remove command in another guild where they have Manage Server permissions to delete that rule from the victim guild.

This means users could remove moderation rules from other guilds without proper authorization, weakening those guilds' moderation controls.

Impact Analysis

This vulnerability allows an attacker with Manage Server permissions in one guild to delete AutoMod rules from another guild where they do not have permissions.

The impact includes unauthorized modification of system data, specifically the deletion of moderation rules, which can weaken the victim guild's ability to moderate content effectively.

Because it affects the integrity and availability of moderation rules without requiring any privileges in the victim guild, it poses a high security risk.

Detection Guidance

This vulnerability can be detected by checking whether a guild's AutoMod rules have been removed without a corresponding removal command in that guild, or whether the rule set has changed unexpectedly. The exploit consists of invoking the remove command with a global rule ID that the bot does not verify against the invoking guild.

A detection approach involves monitoring the use of the `/automod remove word:<id>` command, especially when the rule ID belongs to a different guild than the one where the command is executed.

Since the vulnerability involves misuse of the `/automod remove` command with a global rule ID, you can audit command logs or bot activity logs for suspicious removal commands referencing rule IDs not belonging to the guild.

No specific network or system commands are provided in the available resources to detect this vulnerability.

Mitigation Strategies

The immediate mitigation step is to upgrade the Quest Bot to version 1.0.5 or later, where this vulnerability has been patched.

Until the upgrade is applied, restrict Manage Server permissions carefully to trusted users only, as the vulnerability requires Manage Server permissions to exploit.

Monitor and audit AutoMod rule removal commands to detect and respond to any unauthorized attempts.

Compliance Impact

The vulnerability allows an attacker with Manage Server permissions in one guild to delete AutoMod rules from another guild without proper authorization checks. This unauthorized modification of moderation rules could weaken the affected guild's ability to enforce policies that protect user data and maintain security.

While the CVE description does not explicitly mention compliance with standards such as GDPR or HIPAA, the unauthorized deletion of moderation rules could potentially impact compliance by reducing the effectiveness of automated moderation controls designed to protect personal data or ensure secure communication environments.

Therefore, organizations relying on Quest Bot for moderation in environments subject to such regulations should consider this vulnerability as a risk to maintaining required security controls and data protection measures until patched.
