CVE-2026-47195

Vulnerability Description

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They do not check the member’s effective permissions in the channel where the command is run. A user denied channel-level moderation permissions can still delete messages or change slowmode through the bot. This issue has been patched in version 1.1.6.

Vulnerability Details

Published Date

June 12, 2026

Last Modified

June 12, 2026

CWE ID

CWE-863

Source

NVD

Vendor

duck-organization

Product

questbot

External References

https://github.com/duck-organization/questbot/releases/tag/questbot-v1.1.6
https://github.com/duck-organization/questbot/security/advisories/GHSA-2wf8-554w-hrj9
https://github.com/duck-organization/questbot/security/advisories/GHSA-2wf8-554w-hrj9

CVE-2026-47195

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment