MEDIUM · CVE-2026-28800 · CVSS 6.4

CVE-2026-28800: RCE in Natro Macro for Bee Swarm Simulator

Platform

windows

Component

natromacro

Fixed in

1.1.1

AI Confidence: high · NVD · EPSS 0.0% · Reviewed: May 2026

CVE-2026-28800 describes a Remote Code Execution (RCE) vulnerability within Natro Macro, an AutoHotkey-based macro tool for the Bee Swarm Simulator game. This flaw arises from a misconfiguration of Discord Remote Control, allowing users with message-sending permissions in non-private Discord channels to gain complete control over a victim's computer. The vulnerability is addressed in version 1.1.0.

Impact and Attack Scenarios

The impact of CVE-2026-28800 is severe, as a malicious actor can leverage Discord Remote Control to execute arbitrary code on a victim's machine. This grants them full control, including keyboard and mouse input, and unrestricted file access. Attackers could steal sensitive data, install malware, or use the compromised system as a launchpad for further attacks within the victim's network. The ease of exploitation, requiring only message-sending permissions in a shared Discord channel, significantly broadens the potential attack surface.

Exploitation Context

This vulnerability was publicly disclosed on 2026-03-06. While no public proof-of-concept (PoC) has been widely reported, the ease of exploitation and the potential for significant impact suggest a medium probability of exploitation (EPSS score likely medium). The vulnerability's reliance on Discord Remote Control configuration makes it dependent on user behavior and server settings, potentially limiting its immediate widespread exploitation.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: NO
Internet Exposure: High
Reports: 1 threat report

EPSS

0.03% (9% percentile)

CISA SSVC

Exploitation: none
Automatable: no
Technical Impact: total

CVSS Vector

CVSS 3.1: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H (6.4 MEDIUM)

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: High (conditions required to exploit)
Privileges Required: High (authentication level needed to attack)
User Interaction: Required (whether a victim must take action)
Scope: Unchanged (impact beyond the vulnerable component)
Confidentiality: High (risk of sensitive data exposure)
Integrity: High (risk of unauthorized data modification)
Availability: High (risk of service disruption)

nextguardhq.com · CVSS v3.1 Base Score

What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
High — requires a race condition, non-default configuration, or specific circumstances. Harder to exploit reliably.
Privileges Required
High — admin or privileged account required to exploit.
User Interaction
Required — victim must take an action: open a file, click a link, or visit a crafted page.
Scope
Unchanged — impact is limited to the vulnerable component itself.
Confidentiality
High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
Integrity
High — attacker can write, modify, or delete any data: databases, config files, or code.
Availability
High — complete crash or resource exhaustion. Full denial of service.

Affected Software

Component: natromacro
Vendor: NatroTeam
Affected range: < 1.1.0 – < 1.1.0
Fixed in: 1.1.1

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2026-28800 is to immediately upgrade Natro Macro to version 1.1.0 or later. If upgrading is not feasible due to compatibility issues or system constraints, carefully review Discord Remote Control settings. Ensure that Remote Control is disabled or restricted to private channels only. Consider implementing stricter Discord server permissions to limit message-sending capabilities. After upgrading, confirm the fix by attempting to trigger the Remote Control functionality from a non-private Discord channel; it should be denied.

How to fix

Update Natro Macro to version 1.1.0 or higher. This version corrects the vulnerability that allows remote command execution through Discord. Ensure you download the update from the official source (NatroTeam) to avoid modified versions.

Frequently asked questions

What is CVE-2026-28800 — RCE in Natro Macro for Bee Swarm Simulator?

CVE-2026-28800 is a Remote Code Execution vulnerability in Natro Macro, a Bee Swarm Simulator macro tool. A Discord Remote Control misconfiguration allows unauthorized control of a user's computer.

Am I affected by CVE-2026-28800 in Natro Macro?

You are affected if you use Natro Macro version 1.1.0 or earlier and have Discord Remote Control enabled in a non-private channel.

How do I fix CVE-2026-28800 in Natro Macro?

Upgrade Natro Macro to version 1.1.0 or later. Alternatively, disable Discord Remote Control or restrict it to private channels.

Is CVE-2026-28800 being actively exploited?

While no widespread exploitation has been confirmed, the vulnerability's ease of exploitation suggests a potential risk.

Where can I find the official Bee Swarm Simulator advisory for CVE-2026-28800?

Refer to the Natro Macro project repository and related Bee Swarm Simulator community forums for updates and advisories.
