1.1.1
CVE-2026-28800 describes a Remote Code Execution (RCE) vulnerability within Natro Macro, an AutoHotkey-based macro tool for the Bee Swarm Simulator game. This flaw arises from a misconfiguration of Discord Remote Control, allowing users with message-sending permissions in non-private Discord channels to gain complete control over a victim's computer. The vulnerability is addressed in version 1.1.0.
The impact of CVE-2026-28800 is severe, as a malicious actor can leverage Discord Remote Control to execute arbitrary code on a victim's machine. This grants them full control, including keyboard and mouse input, and unrestricted file access. Attackers could steal sensitive data, install malware, or use the compromised system as a launchpad for further attacks within the victim's network. The ease of exploitation, requiring only message-sending permissions in a shared Discord channel, significantly broadens the potential attack surface.
This vulnerability was publicly disclosed on 2026-03-06. While no public proof-of-concept (PoC) has been widely reported, the ease of exploitation and the potential for significant impact suggest a medium probability of exploitation (EPSS score likely medium). The vulnerability's reliance on Discord Remote Control configuration makes it dependent on user behavior and server settings, potentially limiting its immediate widespread exploitation.
Users of Bee Swarm Simulator who utilize Natro Macro, particularly those who have enabled Discord Remote Control in non-private channels, are at significant risk. Shared hosting environments where multiple users share access to a single Bee Swarm Simulator installation are also vulnerable.
• windows / supply-chain:
Get-Process -Name NatroMacro | Select-Object -ExpandProperty Path
• windows / supply-chain:
Get-ScheduledTask | Where-Object {$_.TaskName -like '*NatroMacro*'}
• windows / supply-chain: Check Autoruns for entries related to Natro Macro or AutoHotkey scripts.
Exploitation status
EPSS: 0.03% (9th percentile)
The primary mitigation for CVE-2026-28800 is to immediately upgrade Natro Macro to version 1.1.0 or later. If upgrading is not feasible due to compatibility issues or system constraints, carefully review Discord Remote Control settings. Ensure that Remote Control is disabled or restricted to private channels only. Consider implementing stricter Discord server permissions to limit message-sending capabilities. After upgrading, confirm the fix by attempting to trigger the Remote Control functionality from a non-private Discord channel; it should be denied.
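The restriction described above ("disabled or restricted to private channels only") can be pictured as a fail-closed gate in front of a chat-driven remote-control feature. The following is an added example, not Natro Macro's code or its actual fix; the `Policy` and `Message` types, their field names and all IDs are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:  # hypothetical settings for a chat-driven remote-control feature
    remote_control_enabled: bool
    command_channel_id: str
    allowed_user_ids: frozenset


@dataclass(frozen=True)
class Message:  # hypothetical view of an incoming chat message
    channel_id: str
    author_id: str
    channel_member_ids: frozenset  # everyone able to post in that channel


def authorize(msg: Message, policy: Policy) -> tuple[bool, str]:
    """Decide whether a message may be treated as a remote-control command."""
    if not policy.remote_control_enabled:
        return False, "remote control disabled"
    if msg.channel_id != policy.command_channel_id:
        return False, "not the configured command channel"
    # "Private" here means every member able to post is on the allowlist.
    outsiders = msg.channel_member_ids - policy.allowed_user_ids
    if outsiders:
        return False, "channel is not private"
    # Posting rights alone are never sufficient: the author must be allowlisted.
    if msg.author_id not in policy.allowed_user_ids:
        return False, "author not allowlisted"
    return True, "ok"


# Constructed sample data: owner 1001, private channel 500, shared channel 600.
POLICY = Policy(True, "500", frozenset({"1001"}))
OWNER_PRIVATE = Message("500", "1001", frozenset({"1001"}))
STRANGER_SHARED = Message("600", "2002", frozenset({"1001", "2002", "3003"}))
# Same policy pointed at the shared channel, i.e. the misconfigured case.
SHARED_POLICY = Policy(True, "600", frozenset({"1001"}))

if __name__ == "__main__":
    for label, msg, pol in [
        ("owner, private channel", OWNER_PRIVATE, POLICY),
        ("stranger, shared channel", STRANGER_SHARED, POLICY),
        ("stranger, misconfigured shared channel", STRANGER_SHARED, SHARED_POLICY),
    ]:
        print(label, "->", authorize(msg, pol))
```

The third case is the one to test after upgrading or reconfiguring: a command sent from a non-private channel is denied even when that channel is the configured one.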
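Update Natro Macro to version 1.1.0 or later. This version fixes the vulnerability that allowed remote command execution via Discord. Be sure to download the update from the official source (NatroTeam) to avoid downloading a maliciously modified version.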
CVE-2026-28800 is a Remote Code Execution vulnerability in Natro Macro, a Bee Swarm Simulator macro tool. A Discord Remote Control misconfiguration allows unauthorized control of a user's computer.
You are affected if you use Natro Macro version 1.1.0 or earlier and have Discord Remote Control enabled in a non-private channel.
Upgrade Natro Macro to version 1.1.0 or later. Alternatively, disable Discord Remote Control or restrict it to private channels.
While no widespread exploitation has been confirmed, the vulnerability's ease of exploitation suggests a potential risk.
Refer to the Natro Macro project repository and related Bee Swarm Simulator community forums for updates and advisories.