A vulnerability was found in duck-organization quest-bot up to 1.0.4 and classified as critical . Affected by this vulnerability is an unknown functionality of the component Autocomplete Handler . The manipulation results in authorization bypass. This vulnerability was named CVE-2026-47189 . The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.