VYPR
High severity · NVD Advisory · Published Jun 11, 2026 · Updated Jun 11, 2026

CVE-2026-47189

Description

Unauthenticated users can delete AutoMod rules from other Discord guilds by exploiting a missing guild-ID check in Quest Bot prior to 1.0.5.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

In Quest Bot versions prior to 1.0.5, the AutoMod remove command (/automod remove) deletes rules by their global database ID without verifying that the rule belongs to the guild where the command is executed. The vulnerable code is in apps/bot/src/commands/moderation/automod.ts (functions autocompleteRun and chatInputRun) and apps/bot/src/lib/automod.ts (functions getAutoMod and removeAutoMod). The autocomplete handler returns rule IDs for the current guild without checking Manage Server permission, and the remove handler only checks caller permissions in the command's guild, then deletes the rule without comparing autoMod.guildId to interaction.guildId. [1][2]

Exploitation

An attacker must have the bot installed in both a victim guild (where they are a normal member) and an attacker guild (where they have Manage Server permission). First, in the victim guild, the attacker runs /automod remove word: and triggers autocomplete to obtain a victim rule ID from the response. Then, in the attacker guild, they run /automod remove word:<victim_rule_id>. Because the removal logic does not scope deletion to the command's guild, the victim guild's rule is deleted. [2]

Impact

Successful exploitation allows an attacker to delete AutoMod blocked-word rules from a guild where they are only a normal member. This weakens the victim guild's moderation capabilities by removing configured AutoMod rules, potentially enabling disruptive or malicious content to bypass automated filters. [2]

Mitigation

The vulnerability is patched in version 1.0.5 of Quest Bot. Users should update to the latest release (tagged questbot-v1.0.5). No workarounds are documented. The fix ensures that the AutoMod removal handler verifies the rule belongs to the guild where the command is executed. [1][2]

AI Insight generated on Jun 11, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered in the index yet)

Vulnerability mechanics

Root cause

"Missing guild-ID ownership check in AutoMod rule deletion allows a user to delete a rule belonging to a different guild."

Attack vector

An attacker who is a normal member of a victim guild can observe AutoMod rule IDs via the autocomplete response of `/automod remove word:` in that guild [ref_id=1]. The attacker then runs the same command in another guild where they have Manage Server permission, supplying the victim rule's ID. Because the remove handler only checks the caller's permissions in the command's guild and does not scope the deletion to that guild's rules, the victim guild's AutoMod rule is deleted [ref_id=1].

Affected code

The vulnerability is in `apps/bot/src/commands/moderation/automod.ts` (functions `autocompleteRun` and `chatInputRun`) and `apps/bot/src/lib/automod.ts` (functions `getAutoMod` and `removeAutoMod`). The autocomplete handler leaks global AutoMod rule IDs without checking Manage Server permission, and the remove handler deletes a rule by global ID without verifying that `autoMod.guildId === interaction.guildId` [ref_id=1].

What the fix does

The patch adds a guild-ID ownership check before deleting an AutoMod rule: after fetching the rule by its global database ID, the code verifies that `autoMod.guildId === interaction.guildId`. If the IDs do not match, the deletion is rejected. This ensures a user cannot delete a rule belonging to a guild other than the one where the command is executed [ref_id=1].
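The cross-guild deletion described in the Vulnerability, Exploitation and fix sections above, modelled end to end as an added example. This is not Quest Bot's code: the in-memory store, the `Interaction` shape and the handler names stand in for the project's ORM and discord.js objects and are assumptions. The vulnerable handler keeps the pre-1.0.5 behaviour the advisory describes (permission checked only in the command's guild, deletion by global ID); the fixed handler scopes the lookup to `interaction.guildId`, and the autocomplete handler is hardened the same way.

```typescript
// Added example (not Quest Bot's code). Store, interaction shape and function
// names are assumptions standing in for the project's ORM and discord.js types.

interface AutoModRule {
  id: number;       // global database ID (primary key across all guilds)
  guildId: string;  // guild that owns the rule
  word: string;     // blocked word
}

interface Interaction {
  guildId: string;          // guild the slash command was run in
  hasManageGuild: boolean;  // caller holds Manage Server in that guild
}

type RemoveResult = "deleted" | "not_found" | "forbidden";

class AutoModStore {
  private rules = new Map<number, AutoModRule>();
  private nextId = 1;

  add(guildId: string, word: string): AutoModRule {
    const rule: AutoModRule = { id: this.nextId++, guildId, word };
    this.rules.set(rule.id, rule);
    return rule;
  }
  // Global lookup by primary key: the query shape that enables the bug.
  getById(id: number): AutoModRule | undefined {
    return this.rules.get(id);
  }
  // Guild-scoped lookup: this query cannot return another guild's rule.
  getByGuildAndId(guildId: string, id: number): AutoModRule | undefined {
    const rule = this.rules.get(id);
    return rule !== undefined && rule.guildId === guildId ? rule : undefined;
  }
  listByGuild(guildId: string): AutoModRule[] {
    return Array.from(this.rules.values()).filter((r) => r.guildId === guildId);
  }
  delete(id: number): boolean {
    return this.rules.delete(id);
  }
}

// Pre-1.0.5 behaviour as the advisory describes it: Manage Server is checked
// only in the command's guild, then the rule is deleted by its global ID.
function removeAutoModVulnerable(store: AutoModStore, ix: Interaction, ruleId: number): RemoveResult {
  if (!ix.hasManageGuild) return "forbidden";
  const rule = store.getById(ruleId);
  if (rule === undefined) return "not_found";
  store.delete(rule.id); // rule.guildId is never compared with ix.guildId
  return "deleted";
}

// Fixed behaviour: the rule must belong to the guild the command was run in.
// A foreign rule is reported as not_found so the reply does not confirm that
// the ID exists in some other guild.
function removeAutoModFixed(store: AutoModStore, ix: Interaction, ruleId: number): RemoveResult {
  if (!ix.hasManageGuild) return "forbidden";
  const rule = store.getByGuildAndId(ix.guildId, ruleId);
  if (rule === undefined) return "not_found";
  store.delete(rule.id);
  return "deleted";
}

// Autocomplete hardened the same way: only Manage Server holders see rule IDs,
// and only the current guild's rules are offered (Discord caps choices at 25).
function autocompleteFixed(store: AutoModStore, ix: Interaction, typed: string): { name: string; value: number }[] {
  if (!ix.hasManageGuild) return [];
  return store
    .listByGuild(ix.guildId)
    .filter((r) => r.word.startsWith(typed))
    .slice(0, 25)
    .map((r) => ({ name: r.word, value: r.id }));
}

// Constructed sample data: one rule in the victim guild, one in the attacker's.
function seedStore(): { store: AutoModStore; victimRuleId: number } {
  const store = new AutoModStore();
  const victim = store.add("victim-guild", "spamword");
  store.add("attacker-guild", "unrelated");
  return { store, victimRuleId: victim.id };
}

// The attacker holds Manage Server only in their own guild and is an ordinary
// member of the victim guild.
const attackerInOwnGuild: Interaction = { guildId: "attacker-guild", hasManageGuild: true };
const attackerInVictimGuild: Interaction = { guildId: "victim-guild", hasManageGuild: false };

// Replays the advisory's two-step scenario against both handlers.
function runScenario(): { vulnerable: RemoveResult; fixed: RemoveResult; fixedRuleSurvives: boolean; leakedChoices: number } {
  const a = seedStore();
  const vulnerable = removeAutoModVulnerable(a.store, attackerInOwnGuild, a.victimRuleId);
  const b = seedStore();
  const fixed = removeAutoModFixed(b.store, attackerInOwnGuild, b.victimRuleId);
  const fixedRuleSurvives = b.store.getById(b.victimRuleId) !== undefined;
  // With the hardened autocomplete a normal member of the victim guild sees no IDs.
  const leakedChoices = autocompleteFixed(b.store, attackerInVictimGuild, "").length;
  return { vulnerable, fixed, fixedRuleSurvives, leakedChoices };
}
```

Scoping the lookup itself (`getByGuildAndId`) rather than fetching globally and comparing afterwards is the safer shape: there is no window in which a foreign row is in hand, and the same pattern carries over to any other command that takes a database ID from user input.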

Preconditions

  • config: The bot must be installed in both the victim guild and the attacker guild.
  • config: The victim guild must have at least one AutoMod rule.
  • auth: The attacker must be able to trigger autocomplete in the victim guild (no special permission required).
  • auth: The attacker must have Manage Server permission in the attacker guild.
  • input: The attacker must be able to inspect Discord autocomplete response data.

Generated on Jun 11, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 2

News mentions: 0 (no linked articles in the index yet)