CVE-2026-49347

UNKNOWN 0.0

Quest Bot: Ticket creation has no per-user open-ticket limit or cooldown

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without checking whether the same user already has an open ticket and without applying a cooldown. This issue has been patched in version 1.1.8.

CWE	CWE-770
Vendor	duck-organization
Product	questbot
Published	Jun 12, 2026

Stay Ahead of the Next One

Get instant alerts for duck-organization questbot

Be the first to know when new unknown vulnerabilities affecting duck-organization questbot are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

duck-organization / questbot

< 1.1.8

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/duck-organization/questbot/security/advisories/GHSA-r56q-v363-367q github.com: https://github.com/duck-organization/questbot/releases/tag/questbot-v1.1.8