Platform
windows
Component
natromacro
Fixed in
1.1.1
CVE-2026-28801 affects NatroMacro, an open-source macro tool for Bee Swarm Simulator. This vulnerability allows an attacker to inject and execute malicious code through shared pattern or path files, potentially leading to unauthorized actions within the application. Versions of NatroMacro prior to 1.1.0 are vulnerable, and a patch is available in version 1.1.0.
The primary impact of CVE-2026-28801 is the ability for an attacker to execute arbitrary code on a victim's system. Because NatroMacro users frequently share pattern and path files, a malicious actor can craft a file containing harmful AutoHotkey code and distribute it to unsuspecting users. Upon opening or using the compromised file within NatroMacro, the embedded code will execute silently in the background. This could lead to data theft, system manipulation, or even remote control of the affected machine. The blast radius extends to anyone using vulnerable versions of NatroMacro and sharing files with others.
This vulnerability was publicly disclosed on 2026-03-06. There are currently no known public exploits or active campaigns targeting CVE-2026-28801. It is not listed on the CISA KEV catalog. The ease of exploitation stems from the common practice of sharing files among NatroMacro users, making it a potentially attractive target for opportunistic attackers.
Bee Swarm Simulator players who actively share NatroMacro pattern and path files are at the highest risk. Users who download files from untrusted sources or participate in online communities where file sharing is common are particularly vulnerable. Legacy NatroMacro installations that have not been updated are also at risk.
• windows / supply-chain:
  Get-Process -Name NatroMacro | Select-Object -ExpandProperty Path
• windows / supply-chain:
  Get-ScheduledTask | Where-Object {$_.TaskName -like '*NatroMacro*'}
• windows / supply-chain:
  Get-ItemProperty 'HKCU:\Software\NatroMacro' -Name 'LastRun'
disclosure
Exploit status
EPSS
0.02% (5th percentile)
CISA SSVC
CVSS vector
The definitive mitigation for CVE-2026-28801 is to upgrade NatroMacro to version 1.1.0 or later. If upgrading is not immediately feasible, exercise extreme caution when opening or using pattern or path files from untrusted sources. Consider implementing a review process for shared files to scan for potentially malicious AutoHotkey code. While a direct WAF rule is not applicable, monitoring for unusual process activity associated with NatroMacro can provide an early warning. After upgrading, confirm the fix by attempting to execute a known malicious pattern file – it should no longer trigger code execution.
Update NatroMacro to version 1.1.0 or later. This version fixes the code injection vulnerability by preventing execution of malicious AutoHotkey code contained in pattern or path files shared by third parties.
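One way to implement the shared-file review step suggested above, as an added example (not NatroMacro's own code): a Python triage script that flags lines in a pattern or path file which use AutoHotkey built-ins reaching outside the macro, an #Include directive, or a dynamic call. The denylist, rule names and sample lines are constructed for this example; the result is a heuristic queue for manual review, not a substitute for upgrading.

```python
import re
from pathlib import Path

# AutoHotkey built-ins (v1 and v2 names) that touch processes, files, the
# registry, the network, COM or native code. Assumption of this example:
# a movement pattern or path needs none of them.
RISKY = ["Run", "RunWait", "DllCall", "ComObject", "ComObjCreate", "ComObjGet",
         "Download", "UrlDownloadToFile", "FileAppend", "FileDelete",
         "FileCopy", "FileMove", "FileOpen", "FileInstall", "RegWrite",
         "RegDelete", "ProcessClose", "Shutdown"]
RULES = [
    ("risky-builtin", re.compile(r"\b(?:%s)\b" % "|".join(RISKY), re.I)),
    ("include-directive", re.compile(r"^\s*#Include", re.I)),
    # %name%( ... ) resolves the callee at run time, so a denylist cannot
    # see what is being called; always send these to manual review.
    ("dynamic-call", re.compile(r"%[^%\n]+%\s*\(")),
]

def scan_text(text):
    """Return (line_no, rule, line) for every suspicious line.

    Comments are scanned too: over-flagging is the safe direction here,
    and it avoids guessing where AutoHotkey would end a string."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        for rule, rx in RULES:
            if rx.search(raw):
                findings.append((no, rule, raw.strip()))
    return findings

def scan_dir(folder):
    """Scan every file under folder; return {path: findings} for hits only."""
    hits = {}
    for p in Path(folder).rglob("*"):
        if p.is_file():
            found = scan_text(p.read_text(encoding="utf-8", errors="replace"))
            if found:
                hits[str(p)] = found
    return hits

# Constructed sample, not a real shared pattern file.
SAMPLE = "\n".join([
    "loop 4 {", '    Send "{w down}"', "    Sleep 500", '    Send "{w up}"',
    "}", 'Run "calc.exe"', '%fn%("calc.exe")',
])

if __name__ == "__main__":
    for no, rule, line in scan_text(SAMPLE):
        print(f"line {no}: {rule}: {line}")
```

A file with no findings is not proven safe; the scan only narrows down which shared files a reviewer should read first.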
CVE-2026-28801 is a medium-severity vulnerability in NatroMacro versions up to 1.1.0 that allows malicious code to be executed from shared pattern/path files, potentially leading to unauthorized actions.
You are affected if you are using NatroMacro version 1.1.0 or earlier and share pattern or path files with other users.
Upgrade NatroMacro to version 1.1.0 or later to resolve this vulnerability. Exercise caution when opening files from untrusted sources until the upgrade is complete.
As of now, there are no known public exploits or active campaigns targeting CVE-2026-28801, but caution is advised.
Refer to the NatroMacro project's official repository or website for the latest advisory and release notes regarding CVE-2026-28801.