CVE-2026-28800 · HIGH 8.0 · EPSS p11.5%

Description

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, anyone who has Discord Remote Control set up in a non-private channel gives any user with permission to send messages in that channel the ability to do anything on their computer. This includes keyboard and mouse inputs and full file access. This issue has been patched in version 1.1.0.

Scoring

CVSS 3.1: 8.0 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.21% probability of exploitation · percentile 11.5% · 2026-06-19T12:03:05Z
Published: 2026-03-06
Last modified: 2026-03-10

Underlying weaknesses · 3

CWE-22, CWE-287, CWE-434

References

  1. https://github.com/NatroTeam/NatroMacro/security/advisories/GHSA-ph9r-2qjm-ghvg

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (cwe-22) | 0% | live |
| Weakness | Improper Authentication (cwe-287) | 0% | live |
| Weakness | Unrestricted Upload of File with Dangerous Type (cwe-434) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-10211
  2. CVE-2025-46070
  3. CVE-2026-41303
  4. CVE-2026-21256
  5. CVE-2026-49140
  6. CVE-2026-10212

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.