NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-47169

Summary	Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a user with Manage Server / ManageGuild, but without Manage Roles or Administrator, can configure the bot’s AutoRole feature to assign an arbitrary role to new members. If the selected role has Administrator and is below the bot’s highest role, the attacker can join with a controlled account and receive full server admin. This issue has been patched in version 1.0.3.
Publication Date	June 12, 2026, 4:16 a.m.
Registration Date	June 13, 2026, 4:14 a.m.
Last Update	June 12, 2026, 5:58 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/duck-organization/questbot/releases/tag/questbot-v1.0.3	security-advisories@github.com
2	https://github.com/duck-organization/questbot/security/advisories/GHSA-8vgg-4hpx-7qfg	security-advisories@github.com
3	https://github.com/duck-organization/questbot/security/advisories/GHSA-8vgg-4hpx-7qfg	134c704f-9b21-4f2e-91b3-4a467353bcc0

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-266	不適切な権限設定	https://cwe.mitre.org/data/definitions/266.html