CVE-2026-28800 Natro — Exploit & Vulnerability Details MEDIUM

CVE-2026-28800

MEDIUM CVSS 3.1: 6.4 EPSS 0.05%

Parameter	Value
CVSS	6.4 (MEDIUM)
Fixed In	1.1.0
Type	CWE-287 (Improper Authentication), CWE-22 (Path Traversal), CWE-434 (Unrestricted File Upload)
Vendor	Natro
Public PoC	No

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, anyone with Discord Remote Control set up in a non-private channel gives access to any user with the permission to send message in said channel access to do anything on their computer. This includes keyboard and mouse inputs and full file access.

This issue has been patched in version 1.1.0.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

High

Difficult to exploit

Privileges Required

High

Admin privileges needed

User Interaction

Required

User action required

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-287 Improper Authentication

CWE-22 Path Traversal

CWE-434 Unrestricted File Upload

References 1

https://github.com/NatroTeam/NatroMacro/security/advisories/GHSA-ph9r-2qjm-ghvg

security-advisories@github.com

Share Post Share Share Share

Menu

CVE-2026-28800

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

CVE Details

Editor's Choice

Menu

CVE-2026-28800

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

CVE Details

Editor's Choice

Stay informed on cybersecurity