VYPR
Advisory · Published Jun 12, 2026 · Updated Jun 13, 2026 · 1 source

Questbot Discord Bot: 15 CVEs Disclosed, Including Critical CI/CD Pipeline Takeover


Key findings

  • Critical CI/CD workflow injection (CVE-2026-47172) allows attackers to push malicious releases
  • Four High-severity flaws bypass Discord's role hierarchy and permission system
  • Empty AutoMod rule (CVE-2026-47196) triggers server-wide message deletion
  • Mention injection bugs let low-privilege users ping @everyone across channels
  • Logging and transcript config (CVE-2026-47176, CVE-2026-47177) can leak private channel contents
  • Patches span four version bumps: 1.0.1 through 1.1.8; update to latest

Fifteen security vulnerabilities were disclosed together on June 11–12, 2026, in Questbot, an open-source Discord moderation bot developed by Duck Organization. The batch—a mix of Critical, High, Medium, and Low severity flaws—reveals systemic weaknesses in privilege enforcement, input sanitization, and mention suppression across the bot's moderation, ticket, and automation systems. The most severe issue, a CI/CD pipeline takeover, threatens the project's supply chain, while several High-severity bugs allow lower-ranked moderators to act above their authority or cause denial-of-service across entire servers.

Critical: CI/CD Pipeline Poisoning

The headline vulnerability of the batch is CVE-2026-47172 (CVSS Critical), a GitHub Actions workflow injection. Questbot's privileged deploy workflow runs after an unprivileged build workflow completes; because the build workflow executes on pull requests, an attacker can submit a malicious PR that poisons the build output, causing the deploy workflow to check out attacker-controlled code. This gives the attacker write access to the repository and the ability to push malicious releases to every server running the bot. The flaw was present in versions prior to 1.0.3.

High Severity: Privilege Escalation and Permission Bypasses

Four High-severity CVEs undermine Discord's built-in role hierarchy and permission model. CVE-2026-47197 allows a moderator with the relevant Discord permission bit to moderate users above them in the role hierarchy, as long as the bot itself outranks the target, bypassing native role protections entirely. CVE-2026-47195 lets users execute purge and slowmode commands in channels where they lack channel-level moderation permissions—only guild-level permissions are checked, leaving channel-specific restrictions ineffective. CVE-2026-47169 enables a user with Manage Server permission (but not Manage Roles or Administrator) to configure the AutoRole feature to assign any arbitrary role, including Administrator, to new members. CVE-2026-47163 makes the AutoMod add, remove, and list commands available to any guild member who can invoke slash commands, as the commands have no default permission requirement and no runtime check.
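The two hierarchy and permission checks described above, modelled with plain objects instead of discord.js types. This is an added example, not Questbot's code; member shapes, the PERM names and the helper functions are assumptions, and channel permissions are modelled as a per-channel override set rather than Discord's real overwrite deltas.

```javascript
// Constructed model: a member is { id, highestRolePosition, guildPerms, channelPerms }.
const PERM = { MANAGE_MESSAGES: "ManageMessages", KICK_MEMBERS: "KickMembers" };

function member(id, pos, guildPerms, channelPerms = {}) {
  return {
    id, highestRolePosition: pos, guildPerms: new Set(guildPerms),
    channelPerms: new Map(Object.entries(channelPerms).map(([c, p]) => [c, new Set(p)])),
  };
}

// Effective permission in a channel: an override set wins over the guild-wide bit.
function hasChannelPerm(m, channelId, perm) {
  const override = m.channelPerms.get(channelId);
  return override ? override.has(perm) : m.guildPerms.has(perm);
}

// Vulnerable pattern (CVE-2026-47197 style): only the permission bit and the
// bot's own rank are consulted, so a junior moderator can act on anyone the bot outranks.
function canModerateVulnerable(actor, target, bot, perm) {
  return actor.guildPerms.has(perm) && bot.highestRolePosition > target.highestRolePosition;
}

// Hardened: the actor must also outrank the target, and owner/self are never valid targets.
function canModerateHardened(actor, target, bot, perm, guildOwnerId) {
  if (!actor.guildPerms.has(perm)) return false;
  if (target.id === guildOwnerId || target.id === actor.id) return false;
  if (bot.highestRolePosition <= target.highestRolePosition) return false;
  return actor.highestRolePosition > target.highestRolePosition;
}

// Vulnerable pattern (CVE-2026-47195 style): purge/slowmode gated on the guild-wide bit only.
function canPurgeVulnerable(actor) {
  return actor.guildPerms.has(PERM.MANAGE_MESSAGES);
}

// Hardened: evaluate the permission in the channel the command actually runs in.
function canPurgeHardened(actor, channelId) {
  return hasChannelPerm(actor, channelId, PERM.MANAGE_MESSAGES);
}

// Constructed sample guild: the bot outranks everyone; "junior" has the bits but
// a low role and no ManageMessages in the "staff" channel.
const bot = member("bot", 50, []);
const juniorMod = member("junior", 10, [PERM.KICK_MEMBERS, PERM.MANAGE_MESSAGES], { staff: [] });
const seniorMod = member("senior", 30, [PERM.KICK_MEMBERS]);
```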

Denial-of-Service via AutoMod Empty-Rule Injection

CVE-2026-47196 (High) describes a logic flaw in the automod add command: user input is trimmed but an empty result is not rejected. Adding a rule containing only whitespace stores an empty string as the trigger word. The message listener calls content.includes(""), which is always true, causing the bot to delete every non-bot message in every channel where automod is active—effectively a server-wide denial-of-service.

Ticket Spam and Cross-Guild AutoMod Rule Deletion

CVE-2026-49347 (Medium) lets any user who can access the ticket panel repeatedly create new ticket channels; the system does not check whether the same user already has an open ticket. CVE-2026-47189 (High) exposes a cross-guild AutoMod deletion attack: the remove flow looks up rules by global database ID without verifying guild ownership, so a user who learns a victim guild's rule ID can delete that guild's AutoMod rules remotely.
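An in-memory AutoMod rule store that closes both the empty-rule defect (CVE-2026-47196, previous section) and the cross-guild deletion defect (CVE-2026-47189) described above. Added example, not Questbot's code; the class, its method names and the rule shape are assumptions.

```javascript
// Rules carry a global numeric id plus the owning guildId, mirroring a
// database row with a primary key (constructed model).
class AutoModStore {
  constructor() { this.rules = new Map(); this.nextId = 1; }

  // Hardened add: trim, then reject an empty trigger. Persisting "" would make
  // content.includes("") true for every message and delete all of them.
  addRule(guildId, rawWord) {
    const word = String(rawWord).trim().toLowerCase();
    if (word.length === 0) throw new Error("trigger word must not be empty");
    const id = this.nextId++;
    this.rules.set(id, { id, guildId, word });
    return id;
  }

  // Hardened remove: the id is global, so ownership must be verified against the
  // calling guild; an id from another guild is treated exactly like a missing one.
  removeRule(guildId, id) {
    const rule = this.rules.get(id);
    if (!rule || rule.guildId !== guildId) return false;
    this.rules.delete(id);
    return true;
  }

  listRules(guildId) {
    return [...this.rules.values()].filter(r => r.guildId === guildId).map(r => r.word);
  }

  // Message-listener decision: only this guild's rules are consulted, bots are
  // skipped, and the length guard means a stray empty row can never match everything.
  shouldDelete(guildId, content, authorIsBot = false) {
    if (authorIsBot) return false;
    const text = content.toLowerCase();
    return [...this.rules.values()].some(
      r => r.guildId === guildId && r.word.length > 0 && text.includes(r.word));
  }
}

// The vulnerable matcher the advisory describes, kept for contrast.
function vulnerableMatch(storedWord, content) {
  return content.includes(storedWord);
}
```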

Mention Injection: From Low to Full-Server Disruption

The batch contains a cluster of mention-injection bugs, ranging from Low to High severity. CVE-2026-47173 (Medium) allows a normal user to include @everyone or @here in a ticket creation reason, which the bot posts unmodified to the new ticket channel. CVE-2026-47171 (High) lets a normal user create a reminder containing @everyone or @here; when the reminder triggers, the bot sends the mass mention into the channel, potentially pinging the entire server. CVE-2026-48485 (Low) involves stored warning reasons printed by /warns without mention suppression, letting moderators inject @everyone through warning reasons. CVE-2026-47188 (Low) shows that /unban and /unwarn echo user-controlled reason text without allowedMentions. CVE-2026-47175 (Low) covers the same omission in several other moderation commands.
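How a reply that echoes user-controlled reason text can be built so it never resolves to a mass ping, for the whole cluster above. Added example, not Questbot's code; allowedMentions with parse: [] is a real Discord API message option, while the function names and sample reason are assumptions.

```javascript
const MASS_MENTION = /@(everyone|here)/g;
const ZWSP = "\u200b";

// Primary control: instruct the API to resolve no mentions at all in this message,
// whatever the content string contains.
function buildReply(content) {
  return { content, allowedMentions: { parse: [] } };
}

// Secondary control for text that is stored and re-rendered later (warn reasons,
// reminders, transcripts): break the token so a later code path that forgets
// allowedMentions still cannot ping. The zero-width space is invisible to readers.
function neutraliseMassMentions(text) {
  return text.replace(MASS_MENTION, (m) => "@" + ZWSP + m.slice(1));
}

// Vulnerable pattern from the advisory: reason text goes straight into content.
function vulnerableReply(reason) {
  return { content: `Unbanned. Reason: ${reason}` };
}

// Hardened: both controls applied.
function hardenedReply(reason) {
  return buildReply(`Unbanned. Reason: ${neutraliseMassMentions(reason)}`);
}

// Constructed sample input, as a low-privilege user might type it.
const sampleReason = "bye @everyone and @here";
```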

Data Leakage via Logging and Transcript Misconfiguration

CVE-2026-47176 (Medium) lets users who can configure bot settings enable logging and choose a logging channel they can read; the bot then logs deleted and edited message contents from every channel it can see, including private channels. CVE-2026-47177 (Medium) is similar: users who can configure bot settings can set the ticket transcript channel to a channel they can read, exposing the full history of all closed tickets.

Response and Remediation

Duck Organization has released patched versions addressing the full batch: version 1.1.8 fixes the ticket-spam issue (CVE-2026-49347), version 1.1.6 resolves the mention injection, permission bypass, and empty-rule injection bugs (CVE-2026-48485, CVE-2026-47197, CVE-2026-47196, CVE-2026-47195), version 1.0.5 addresses the cross-guild AutoMod deletion and the unban/unwarn mention injection (CVE-2026-47189, CVE-2026-47188), version 1.0.4 fixes the logging and transcript channel issues (CVE-2026-47177, CVE-2026-47176, CVE-2026-47175), and version 1.0.3 resolves the CI/CD takeover, reminder mention injection, AutoRole privilege escalation, and ticket mention injection (CVE-2026-47172, CVE-2026-47171, CVE-2026-47169, CVE-2026-47173). Version 1.0.1 patches the AutoMod permission bypass (CVE-2026-47163). Server administrators should update Questbot to the latest release immediately.

For Questbot users, this batch illustrates the risks that come with running a third-party moderation bot that has elevated Discord permissions. The breadth of the issues—from CI/CD compromise to mention spam to privilege escalation—means a single unpatched version can expose a server to takeover, data leaks, or denial-of-service. Server owners should verify they are running at least version 1.1.8 and review which bot configuration permissions they grant to non-admin users.

Synthesized by Vypr AI