Platform: windows
Component: natromacro
Fixed in: 1.1.1
CVE-2026-28800 describes a Remote Code Execution (RCE) vulnerability within Natro Macro, an AutoHotkey-based macro tool for the Bee Swarm Simulator game. This flaw arises from a misconfiguration of Discord Remote Control, allowing users with message-sending permissions in non-private Discord channels to gain complete control over a victim's computer. The vulnerability is addressed in version 1.1.0.
The impact of CVE-2026-28800 is severe, as a malicious actor can leverage Discord Remote Control to execute arbitrary code on a victim's machine. This grants them full control, including keyboard and mouse input, and unrestricted file access. Attackers could steal sensitive data, install malware, or use the compromised system as a launchpad for further attacks within the victim's network. The ease of exploitation, requiring only message-sending permissions in a shared Discord channel, significantly broadens the potential attack surface.
This vulnerability was publicly disclosed on 2026-03-06. While no public proof-of-concept (PoC) has been widely reported, the ease of exploitation and the potential for significant impact suggest a medium probability of exploitation (EPSS score likely medium). The vulnerability's reliance on Discord Remote Control configuration makes it dependent on user behavior and server settings, potentially limiting its immediate widespread exploitation.
Users of Bee Swarm Simulator who utilize Natro Macro, particularly those who have enabled Discord Remote Control in non-private channels, are at significant risk. Shared hosting environments where multiple users share access to a single Bee Swarm Simulator installation are also vulnerable.
• windows / supply-chain:
Get-Process -Name NatroMacro | Select-Object -ExpandProperty Path
• windows / supply-chain:
Get-ScheduledTask | Where-Object {$_.TaskName -like '*NatroMacro*'}
• windows / supply-chain: Check Autoruns for entries related to Natro Macro or AutoHotkey scripts.
EPSS: 0.03% (percentile 9%)
The primary mitigation for CVE-2026-28800 is to immediately upgrade Natro Macro to version 1.1.0 or later. If upgrading is not feasible due to compatibility issues or system constraints, carefully review Discord Remote Control settings. Ensure that Remote Control is disabled or restricted to private channels only. Consider implementing stricter Discord server permissions to limit message-sending capabilities. After upgrading, confirm the fix by attempting to trigger the Remote Control functionality from a non-private Discord channel; it should be denied.
Update Natro Macro to version 1.1.0 or later. This version fixes the vulnerability that allows remote command execution via Discord. Make sure to download the update from the official source (NatroTeam) to avoid modified versions.
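The mitigation above asks for Remote Control to be confined to private channels and for tighter message-sending permissions. The following added example (not code from Natro Macro or this advisory) applies Discord's documented permission-overwrite rules to a constructed role and channel layout and lists which roles can post in a channel. The role names, channel names and the simplification to one role per member are assumptions.

```python
# Added example: audit which roles can post in the channel used for remote control.
# Bit positions are Discord's documented permission flags.
ADMINISTRATOR = 1 << 3
VIEW_CHANNEL = 1 << 10
SEND_MESSAGES = 1 << 11

# Constructed sample data, not a real server. In Discord the @everyone role
# shares its id with the guild. The API returns allow/deny as decimal strings;
# they are plain ints here for brevity.
GUILD_ID = "100"
ROLES = {
    "100": {"name": "@everyone", "permissions": VIEW_CHANNEL | SEND_MESSAGES},
    "200": {"name": "macro-owner", "permissions": 0},
    "300": {"name": "member", "permissions": 0},
}
CHANNELS = {
    "public-macro": [],  # no overwrites: inherits @everyone permissions
    "private-macro": [   # type 0 = role overwrite
        {"id": "100", "type": 0, "allow": 0, "deny": VIEW_CHANNEL},
        {"id": "200", "type": 0, "allow": VIEW_CHANNEL | SEND_MESSAGES, "deny": 0},
    ],
}


def effective_permissions(role_id, overwrites):
    """Permissions of a member holding only @everyone plus role_id.
    Member-specific overwrites (type 1) are ignored in this simplified audit."""
    perms = ROLES[GUILD_ID]["permissions"] | ROLES[role_id]["permissions"]
    if perms & ADMINISTRATOR:
        return ~0  # administrators bypass channel overwrites
    by_id = {o["id"]: o for o in overwrites if o["type"] == 0}
    everyone = by_id.get(GUILD_ID)
    if everyone:  # the @everyone overwrite is applied first
        perms = (perms & ~everyone["deny"]) | everyone["allow"]
    role = by_id.get(role_id) if role_id != GUILD_ID else None
    if role:      # then the role overwrite, deny before allow
        perms = (perms & ~role["deny"]) | role["allow"]
    return perms


def roles_that_can_send(channel):
    """Names of roles whose holders can both see and post in the channel."""
    need = VIEW_CHANNEL | SEND_MESSAGES
    return sorted(
        ROLES[rid]["name"] for rid in ROLES
        if (effective_permissions(rid, CHANNELS[channel]) & need) == need
    )
```

A channel is only as private as this list is short: any role it returns beyond the macro owner's can send messages there.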
CVE-2026-28800 is a Remote Code Execution vulnerability in Natro Macro, a Bee Swarm Simulator macro tool. A Discord Remote Control misconfiguration allows unauthorized control of a user's computer.
You are affected if you use Natro Macro version 1.1.0 or earlier and have Discord Remote Control enabled in a non-private channel.
Upgrade Natro Macro to version 1.1.0 or later. Alternatively, disable Discord Remote Control or restrict it to private channels.
While no widespread exploitation has been confirmed, the vulnerability's ease of exploitation suggests a potential risk.
Refer to the Natro Macro project repository and related Bee Swarm Simulator community forums for updates and advisories.