CVE-2026-28800 Natro — Exploit & Vulnerability Details MEDIUM

Parameter	Value
CVSS	6.4 (MEDIUM)
Fixed In	1.1.0
Type	CWE-434 (Unrestricted File Upload (Неограниченная загрузка файлов)), CWE-22 (Path Traversal (Обход пути)), CWE-287 (Improper Authentication (Неправильная аутентификация))
Vendor	Natro
Public PoC	No

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, anyone with Discord Remote Control set up in a non-private channel gives access to any user with the permission to send message in said channel access to do anything on their computer. This includes keyboard and mouse inputs and full file access.

This issue has been patched in version 1.1.0.

Attack Parameters

Attack Vector

Network

Атака возможна удалённо

Attack Complexity

High

Сложно эксплуатировать

Privileges Required

High

Нужны права администратора

User Interaction

Required

Нужно действие пользователя

Impact Assessment

Confidentiality

High

Полная утечка данных

Integrity

High

Полная модификация данных

Availability

High

Полный отказ в обслуживании

CVSS Vector v3.1

Weakness Type (CWE)

CWE-434 Unrestricted File Upload (Неограниченная загрузка файлов)

CWE-22 Path Traversal (Обход пути)

CWE-287 Improper Authentication (Неправильная аутентификация)

References 1

https://github.com/NatroTeam/NatroMacro/security/advisories/GHSA-ph9r-2qjm-ghvg

security-advisories@github.com

Menu

CVE-2026-28800

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

CVE Details

Editor's Choice