HIGH | CVE-2026-47189 | Published | Modified | CNA: GitHub_M

CVE-2026-47189: Quest Bot: AutoMod removal can delete rules from another guild by global rule ID

Quest Bot is an open-source modern Discord bot built for moderation, utilities and support. Prior to version 1.0.5, the AutoMod remove flow looks up and deletes rules by global database ID without verifying that the rule belongs to the guild where the command is executed. A user can learn a victim guild’s AutoMod rule ID through autocomplete, then remove that rule from another guild where they have Manage Server. This issue has been patched in version 1.0.5.

Metrics

CVSS v4.0: 8.3
Severity: HIGH
Fixed in:
Affected Products: 1


HarborGuard Analysis

Synopsis

This is an insecure direct object reference (IDOR) vulnerability in Quest Bot, an open-source Discord moderation bot. The AutoMod rule removal flow accepts a global database rule ID and deletes the matching rule without checking whether that rule belongs to the guild (Discord server) where the command was issued. An attacker with Manage Server permission in any guild can learn a target guild's AutoMod rule IDs through the bot's autocomplete feature, then delete those rules from the victim guild. No patched version is currently published upstream; HarborGuard is tracking the advisory for patch availability.
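The unscoped lookup the synopsis describes, next to a guild-scoped version of the same operation and a guild-scoped autocomplete, as an added illustration in JavaScript (not Quest Bot's own code; the in-memory store, its field names and the function names are assumptions):

```javascript
// Constructed sample data: two guilds, one AutoMod rule each. Rule ids are
// global, as in the advisory, so id 2 belongs to guild-B, not guild-A.
function makeStore() {
  return [
    { id: 1, guildId: "guild-A", name: "no-invites" },
    { id: 2, guildId: "guild-B", name: "anti-spam" },
  ];
}

// Vulnerable pattern (IDOR): equivalent to `DELETE ... WHERE id = ?`.
// The invoking guild is never consulted, so any id deletes any guild's rule.
function removeRuleUnscoped(store, ruleId) {
  const idx = store.findIndex((r) => r.id === ruleId);
  if (idx === -1) return false;
  store.splice(idx, 1);
  return true;
}

// Hardened pattern: equivalent to `DELETE ... WHERE id = ? AND guild_id = ?`.
// Ownership is part of the lookup itself, not a separate check-then-delete,
// so a foreign id is simply "not found" from the invoking guild's view.
function removeRuleScoped(store, ruleId, invokingGuildId) {
  const idx = store.findIndex(
    (r) => r.id === ruleId && r.guildId === invokingGuildId,
  );
  if (idx === -1) return false;
  store.splice(idx, 1);
  return true;
}

// Autocomplete is the reconnaissance path named in the advisory; scoping it
// to the invoking guild stops rule ids from other guilds leaking at all.
function autocompleteRules(store, invokingGuildId, query = "") {
  return store
    .filter((r) => r.guildId === invokingGuildId && r.name.includes(query))
    .map((r) => ({ name: r.name, value: r.id }));
}

// Walk both paths as a guild-A admin trying to remove guild-B's rule 2.
function demo() {
  const vulnerable = makeStore();
  const hardened = makeStore();
  return {
    crossGuildDeleteUnscoped: removeRuleUnscoped(vulnerable, 2), // true
    crossGuildDeleteScoped: removeRuleScoped(hardened, 2, "guild-A"), // false
    hardenedRulesRemaining: hardened.length, // 2
  };
}
```
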

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-47189 is available across every HarborGuard environment. Images containing duck-organization/quest-bot at versions below 1.0.5 are matched against this advisory within minutes of ingestion, including custom-built images that bundle the bot's source or pre-built artifacts.
Triage: Available

HarborGuard scores this CVE at CVSS 8.3 (High) and weights it against each environment's compliance policy to determine urgency and routing. Findings are surfaced to the appropriate team inbox within each customer org based on configured ownership rules.
Patch: Pending upstream

Because no upstream fix version has been published yet, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment upstream ships a release. In the meantime, customers can apply compensating controls through HarborGuard's policy engine as described below.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the bot's command interface over the network via Discord's API; no local or physical access is needed.

  • Authentication: Not required

    No authentication beyond holding a standard Discord account with Manage Server permission in any guild is required; no privileged or admin-level bot credentials are needed.

  • Victim interaction: Not required

    No action by a victim user or administrator is needed; the attacker issues the removal command unilaterally.

  • Attack complexity: Low (AC:L in the vector below)

    The exploit is straightforward under typical conditions, though the attack requirement recorded in the vector (AT:P) means the attacker must first discover a target guild's rule ID, which the bot's autocomplete feature exposes directly.

Blast Radius

  • Deletes AutoMod rules from a victim Discord guild without the guild administrators' knowledge or consent.
  • Removes moderation protections (keyword filters, spam rules, mention limits) configured by the victim guild, leaving the server exposed to content the rules were blocking.
  • The attacker's own guild and bot credentials are not exposed; impact is limited to integrity and availability of the victim guild's AutoMod configuration.
  • Repeated or targeted deletion across multiple guilds is feasible as long as the attacker holds Manage Server in at least one guild and can retrieve rule IDs via autocomplete.

How HarborGuard Handles This

Available on HarborGuard: because no upstream patch has been released for CVE-2026-47189 as of the publication date, HarborGuard continuously re-checks the advisory feed on every ingest cycle and will surface a patched-image rebuild at version 1.0.5 (or the first fixing release) the moment upstream publishes one. For customers with auto-remediation enabled, that rebuild will trigger an automated regression run and a PR opened against affected workloads without manual intervention. While no patch is available, recommended compensating controls include: restricting network egress from the bot container to Discord API endpoints only (reducing the surface for rule ID enumeration); applying Kubernetes NetworkPolicy or equivalent to isolate the bot's pod from internal services; and, if the bot's autocomplete endpoint can be feature-flag gated, disabling rule-ID autocomplete at the deployment level to remove the primary reconnaissance path an attacker relies on to enumerate victim guild rule IDs.

Affected packages
  • duck-organization/quest-bot: < 1.0.5

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N