NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-47189

Summary	Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the AutoMod remove flow looks up and deletes rules by global database ID without verifying that the rule belongs to the guild where the command is executed. A user can learn a victim guild’s AutoMod rule ID through autocomplete, then remove that rule from another guild where they have Manage Server. This issue has been patched in version 1.0.5.
Publication Date	June 12, 2026, 4:16 a.m.
Registration Date	June 13, 2026, 4:14 a.m.
Last Update	June 12, 2026, 5:58 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/duck-organization/questbot/releases/tag/questbot-v1.0.5	security-advisories@github.com
2	https://github.com/duck-organization/questbot/security/advisories/GHSA-6rv9-6p24-w955	security-advisories@github.com
3	https://github.com/duck-organization/questbot/security/advisories/GHSA-6rv9-6p24-w955	134c704f-9b21-4f2e-91b3-4a467353bcc0

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-639	ユーザ制御の鍵による認証回避	https://cwe.mitre.org/data/definitions/639.html