PatchSiren cyber security CVE debrief
CVE-2026-47163 duck-organization CVE debrief
CVE-2026-47163 is a high-severity vulnerability in Quest Bot, a Discord bot, allowing unauthorized guild members to manage automod rules, potentially leading to message deletion. The vulnerability has a CVSS score of 7.2 and was patched in version 1.0.1.
- Vendor
- duck-organization
- Product
- quest-bot
- CVSS
- HIGH 7.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-11
- Original CVE updated
- 2026-06-11
- Advisory published
- 2026-06-11
- Advisory updated
- 2026-06-11
Who should care
Users of Quest Bot, specifically those who manage or interact with the bot in Discord guilds, should be aware of this vulnerability and ensure they are running version 1.0.1 or later to prevent unauthorized access to automod functionality.
Technical summary
Quest Bot, a Discord bot, had a vulnerability prior to version 1.0.1 where any guild member could invoke slash commands to add, remove, or list automod rules without needing the default Discord permission or runtime moderator checks. This allowed an attacker to create a rule that could delete other users' messages.
Defensive priority
High
Recommended defensive actions
- Update Quest Bot to version 1.0.1 or later to patch the vulnerability.
- Review and restrict who has the ability to manage automod rules in your Discord guild.
- Monitor your Discord guild for any suspicious activity related to automod rule changes.
Evidence notes
The vulnerability was patched in version 1.0.1 of Quest Bot. For more information, see [ref-4](ref-4) and [ref-5](ref-5).
Official resources
CVE-2026-47163 was published on 2026-06-11T19:16:44.390Z and modified on 2026-06-11T20:58:18.123Z.