CVE-2026-49347: QuestBot: resource exhaustion via unlimited ticket creation
Status: AWAITING NVD

Quest Bot, an open-source Discord bot, fails to enforce any per-user limit or cooldown on ticket creation, allowing any authenticated user with ticket panel access to flood the system with new channels and database records. The practical impact for AI/ML teams is minimal — this is a generic Discord bot vulnerability with no CVSS score, no EPSS data, no public exploit, and no CISA KEV listing, placing exploitation likelihood in the lowest tier. The asset affected (a community Discord bot) sits outside typical enterprise AI/ML stacks, so blast radius is confined to organizations self-hosting this specific bot. Remediation is straightforward: upgrade to version 1.1.8, which introduces duplicate-check logic and submission throttling.
What is the risk?
Overall risk is LOW. No CVSS score has been assigned, exploitation requires prior authenticated access to the ticket panel (not a zero-click or unauthenticated vector), and the impact is limited to resource exhaustion on a Discord-adjacent service. There is no evidence of active exploitation, no public exploit code, and no known downstream dependents in AI/ML ecosystems. The CWE-770 class (Allocation of Resources Without Limits) is a common, well-understood pattern with straightforward remediation. This CVE does not represent a meaningful threat to AI/ML pipelines, model serving infrastructure, or compliance postures.
What should I do?
5 steps
1. Upgrade Quest Bot to version 1.1.8 immediately — the patch introduces per-user open-ticket checks and modal submission throttling.
2. If immediate upgrade is not possible, restrict ticket panel access to a minimal set of trusted users via Discord role permissions as a compensating control.
3. Monitor Discord audit logs for anomalous channel-creation bursts originating from a single user.
4. Review PostgreSQL table growth for the tickets table; unusually high row counts from a single user_id are the primary detection signal.
5. Consider adding a database-level CHECK constraint or application-layer rate limiter as defense-in-depth even after patching.
Frequently Asked Questions
Is CVE-2026-49347 actively exploited?
No confirmed active exploitation of CVE-2026-49347 has been reported, but organizations should still patch proactively.
What systems are affected by CVE-2026-49347?
This vulnerability affects the following AI/ML architecture patterns: community operations tooling, Discord-based security triage workflows.
What is the CVSS score for CVE-2026-49347?
No CVSS score has been assigned yet.
What is the AI security impact?
MITRE ATLAS Techniques
- AML.T0029 Denial of AI Service
- AML.T0034.000 Excessive Queries
What are the technical details?
Original Advisory
Quest Bot is an open-source Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without checking whether the same user already has an open ticket and without applying a cooldown. This issue has been patched in version 1.1.8.
Exploitation Scenario
An attacker (or disgruntled community member) with legitimate access to the Discord server's ticket panel submits the ticket modal in rapid succession using a simple script or browser automation. Each submission creates a new Discord channel and a corresponding database row without any server-side deduplication check or cooldown enforcement. Within minutes, the attacker can generate hundreds of orphaned ticket channels and database records, degrading Discord readability, hitting Discord API rate limits for the bot account, and bloating the PostgreSQL instance. For an AI security operations team using this bot to triage vulnerability reports, the flood renders the ticket queue unusable and may cause the bot to hit Discord's channel creation caps, blocking legitimate ticket creation.
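The unchecked creation path the advisory describes, beside a hardened version that implements the per-user open-ticket check and cooldown from the remediation steps above, plus the tickets-table row-count detection signal. This is an added example, not Quest Bot's own code; sqlite3 stands in for PostgreSQL, and the table layout, the cooldown value and all function names are assumptions.

```python
import sqlite3

COOLDOWN_SECONDS = 60  # assumed value; CWE-770 guidance: let the admin configure it

def open_db():
    """In-memory stand-in for the bot's PostgreSQL tickets table (layout assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tickets (id INTEGER PRIMARY KEY, user_id TEXT NOT NULL, "
               "status TEXT NOT NULL, created_at REAL NOT NULL)")
    return db

def harden_schema(db):
    """DB-level defense-in-depth: a partial unique index allows at most one
    open ticket per user even if the application check is bypassed or raced."""
    db.execute("CREATE UNIQUE INDEX one_open_per_user ON tickets(user_id) "
               "WHERE status = 'open'")

def vulnerable_create_ticket(db, user_id, now):
    """Pre-1.1.8 behaviour as described: every modal submission becomes a new
    row (and, in the real bot, a new channel) with no checks at all."""
    cur = db.execute("INSERT INTO tickets (user_id, status, created_at) "
                     "VALUES (?, 'open', ?)", (user_id, now))
    return cur.lastrowid

def create_ticket(db, user_id, now):
    """Hardened path. Returns (ticket_id, reason); ticket_id is None when refused."""
    if db.execute("SELECT 1 FROM tickets WHERE user_id = ? AND status = 'open'",
                  (user_id,)).fetchone():
        return None, "already_open"          # duplicate-check logic
    last = db.execute("SELECT MAX(created_at) FROM tickets WHERE user_id = ?",
                      (user_id,)).fetchone()[0]
    if last is not None and now - last < COOLDOWN_SECONDS:
        return None, "cooldown"              # submission throttling
    try:
        cur = db.execute("INSERT INTO tickets (user_id, status, created_at) "
                         "VALUES (?, 'open', ?)", (user_id, now))
    except sqlite3.IntegrityError:           # lost a race; the partial index held
        return None, "already_open"
    return cur.lastrowid, "created"

def close_ticket(db, ticket_id):
    db.execute("UPDATE tickets SET status = 'closed' WHERE id = ?", (ticket_id,))

def flood_suspects(db, threshold=20):
    """Detection signal from the steps above: user_ids with unusually many rows."""
    return db.execute("SELECT user_id, COUNT(*) AS n FROM tickets GROUP BY user_id "
                      "HAVING n > ? ORDER BY n DESC", (threshold,)).fetchall()
```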
Weaknesses (CWE)
CWE-770 — Allocation of Resources Without Limits or Throttling: The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
- [Requirements] Clearly specify the minimum and maximum expectations for capabilities, and dictate which behaviors are acceptable when resource allocation reaches limits.
- [Architecture and Design] Limit the amount of resources that are accessible to unprivileged users. Set per-user limits for resources. Allow the system administrator to define these limits. Be careful to avoid CWE-410.
Source: MITRE CWE corpus.
Related Vulnerabilities
- CVE-2026-33660 (10.0) TensorFlow: type confusion NPD in tensor conversion. Same attack type: DoS
- CVE-2023-25668 (9.8) TensorFlow: unauthenticated RCE via heap buffer overflow. Same attack type: DoS
- CVE-2022-23587 (9.8) TensorFlow: integer overflow in Grappler enables RCE. Same attack type: DoS
- CVE-2022-35939 (9.8) TensorFlow: ScatterNd OOB write enables RCE/crash. Same attack type: DoS
- CVE-2022-41900 (9.8) TensorFlow: heap OOB RCE in FractionalMaxPool op. Same attack type: DoS