CVE-2026-47169

Sažetak

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a user with Manage Server / ManageGuild, but without Manage Roles or Administrator, can configure the bot’s AutoRole feature to assign an arbitrary role to new members. If the selected role has Administrator and is below the bot’s highest role, the attacker can join with a controlled account and receive full server admin. This issue has been patched in version 1.0.3.

Reference

https://github.com/duck-organization/questbot/releases/tag/questbot-v1.0.3
https://github.com/duck-organization/questbot/security/advisories/GHSA-8vgg-4hpx-7qfg
https://github.com/duck-organization/questbot/security/advisories/GHSA-8vgg-4hpx-7qfg

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

11-06-2026 - 20:58

Objavljeno

11-06-2026 - 19:16