HarborGuard Database
CVE-2026-47195 (Severity: HIGH; CNA: GitHub_M)

CVE-2026-47195: Quest Bot: Per-channel permission overwrite bypass in purge and slowmode commands.

Quest Bot is an open-source Discord bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They do not check the member’s effective permissions in the channel where the command is run. A user denied channel-level moderation permissions can still delete messages or change slowmode through the bot. This issue has been patched in version 1.1.6.
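The gap described above is the difference between a member's guild-level permission set and their effective permissions in one channel once Discord's overwrites are applied. The following is an added example, not Quest Bot's code: it implements Discord's documented overwrite resolution order (base role permissions, then the @everyone overwrite, then the aggregate of role overwrites, then the member overwrite) as a pure function and contrasts a guild-only check, which is the pre-1.1.6 behaviour the advisory describes, with a channel-aware check. The permission bit values are Discord's real flags; the guild, roles, members and channels are constructed fixtures, and the `ALL_PERMISSIONS` mask is a simplification.

```python
# Added example (not Quest Bot's code): resolve a member's effective channel
# permissions with Discord's overwrite algorithm and contrast a guild-only
# check (the flaw) with a channel-aware check (the fix).
from dataclasses import dataclass, field

# Real Discord permission flag values.
ADMINISTRATOR = 1 << 3
MANAGE_CHANNELS = 1 << 4     # required to change a channel's slowmode
MANAGE_MESSAGES = 1 << 13    # required to bulk-delete (purge) messages
ALL_PERMISSIONS = (1 << 53) - 1  # simplified "everything" mask for this example


@dataclass
class Role:
    id: int
    permissions: int


@dataclass
class Member:
    id: int
    role_ids: list


@dataclass
class Overwrite:
    target_id: int   # a role id or a member id
    allow: int
    deny: int


@dataclass
class Channel:
    name: str
    overwrites: list = field(default_factory=list)


@dataclass
class Guild:
    everyone_role: Role
    roles: dict      # role id -> Role
    owner_id: int


def guild_permissions(guild, member):
    """Guild-level permissions: union of @everyone and the member's roles."""
    if member.id == guild.owner_id:
        return ALL_PERMISSIONS
    perms = guild.everyone_role.permissions
    for rid in member.role_ids:
        perms |= guild.roles[rid].permissions
    return ALL_PERMISSIONS if perms & ADMINISTRATOR else perms


def channel_permissions(guild, channel, member):
    """Effective permissions in a channel, applying overwrites in Discord's order."""
    perms = guild_permissions(guild, member)
    if perms & ADMINISTRATOR:
        return ALL_PERMISSIONS          # overwrites never restrict administrators
    by_target = {ow.target_id: ow for ow in channel.overwrites}
    everyone = by_target.get(guild.everyone_role.id)
    if everyone:
        perms = (perms & ~everyone.deny) | everyone.allow
    role_allow = role_deny = 0          # role overwrites are aggregated, not applied one by one
    for rid in member.role_ids:
        ow = by_target.get(rid)
        if ow:
            role_allow |= ow.allow
            role_deny |= ow.deny
    perms = (perms & ~role_deny) | role_allow
    mine = by_target.get(member.id)     # member overwrite wins over role overwrites
    if mine:
        perms = (perms & ~mine.deny) | mine.allow
    return perms


def purge_allowed_vulnerable(guild, channel, member):
    """Pre-1.1.6 behaviour per the advisory: the channel argument is ignored."""
    return bool(guild_permissions(guild, member) & MANAGE_MESSAGES)


def purge_allowed_fixed(guild, channel, member):
    """Channel-aware check that honours per-channel overwrites."""
    return bool(channel_permissions(guild, channel, member) & MANAGE_MESSAGES)


def slowmode_allowed_fixed(guild, channel, member):
    return bool(channel_permissions(guild, channel, member) & MANAGE_CHANNELS)


# Constructed fixture: a Moderator role that may purge and set slowmode guild-wide,
# but is explicitly denied both in #announcements via a role overwrite.
EVERYONE = Role(id=1, permissions=0)
MODERATOR = Role(id=2, permissions=MANAGE_MESSAGES | MANAGE_CHANNELS)
GUILD = Guild(everyone_role=EVERYONE, roles={1: EVERYONE, 2: MODERATOR}, owner_id=999)
MOD = Member(id=42, role_ids=[2])
GENERAL = Channel("general")
ANNOUNCEMENTS = Channel("announcements", overwrites=[
    Overwrite(target_id=2, allow=0, deny=MANAGE_MESSAGES | MANAGE_CHANNELS),
])

if __name__ == "__main__":
    for ch in (GENERAL, ANNOUNCEMENTS):
        print(f"#{ch.name}: guild-only check={purge_allowed_vulnerable(GUILD, ch, MOD)} "
              f"channel-aware check={purge_allowed_fixed(GUILD, ch, MOD)}")
```

In #announcements the guild-only check still says the moderator may purge, while the channel-aware check reports the denial the server owner configured. In a real bot the channel-aware value comes from the library rather than a hand-rolled resolver (discord.py's `channel.permissions_for(member)` or discord.js's `channel.permissionsFor(member)`); the page does not say which library Quest Bot uses, so those names are an assumption about the deployment rather than a statement about the project's fix.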

Metrics

CVSS v4.0: 7.1
Severity: HIGH
Fixed in:
Affected Products: 1


HarborGuard Analysis

Synopsis

This is a permission-enforcement bypass in Quest Bot, an open-source Discord bot. The vulnerability is reachable over the network by any low-privilege authenticated user and requires no victim interaction; the bot checks only guild-level permissions and ignores channel-level permission overwrites when processing purge and slowmode commands. A successful attacker can delete messages in channels they are explicitly denied moderation access to, or change the slowmode setting on those channels, undermining channel-specific access controls. No fix version has been published yet; HarborGuard tracks the advisory for patch availability.

HarborGuard Coverage

Detection (Available)

Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images, including custom-built images that bundle Quest Bot. Any image containing an affected version of duck-organization/questbot below 1.1.6 is flagged automatically.

Triage (Available)

HarborGuard scores this finding at CVSS 7.1 HIGH and weights it against each environment's compliance policy to determine urgency. Triage routing sends the finding to the appropriate team inbox within each customer organization based on configured ownership rules.

Patch (Pending upstream)

Because no upstream fix version has been published, HarborGuard re-checks the advisory each ingest cycle and will make a patched-image rebuild available the moment a fix is released. In the meantime, the finding remains open and visible in each affected environment's queue for manual remediation tracking.

Exploit Conditions

  • Network reachability: Required

    The attacker sends commands to the bot over the network via the Discord API, so the affected service must be reachable over the network.

  • Authentication: Required

    The attacker must hold a valid low-privilege guild membership account; anonymous access is not sufficient.

  • Victim interaction: Not required

    No victim action is needed; the attacker issues commands directly to the bot without involving another user.

  • Attack complexity: Low

    The exploit is reliable and condition-free in most deployments, though the CVSS vector notes an attack requirement (AT:P) indicating that specific channel-level permission overwrites must already be configured to create the exploitable discrepancy.

Blast Radius

  • Attacker bulk-deletes message history in channels they are explicitly restricted from moderating, permanently removing conversation records.
  • Attacker modifies the slowmode setting on restricted channels, disrupting communication flow for legitimate members.
  • Channel-level administrative boundaries are bypassed, allowing a low-privilege member to exercise moderation capabilities the server owner intended to revoke.
  • Downstream systems or audit logs that depend on channel integrity can reflect unauthorized changes originating from the bot.

How HarborGuard Handles This

Available on HarborGuard: images containing affected versions of duck-organization/questbot are detected and flagged automatically within minutes of CVE ingestion. Because no upstream fix exists yet, HarborGuard monitors the advisory on every ingest cycle and will surface a patched-image rebuild the moment version 1.1.6 or a later fix is published upstream; customers with auto-remediation enabled will receive the rebuild, a regression-test run, and a PR opened against affected workloads without manual intervention. While awaiting a fix, compensating controls worth considering include restricting bot command invocation to specific channels via Discord permission overwrites at the application gateway level, applying network policy isolation to limit which services can interact with the bot token, and auditing guild-level permission assignments to ensure no unintended escalation paths exist.

Affected packages

  • duck-organization/questbot < 1.1.6

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L