CVE-2026-28800
Received Received - Intake
Remote Code Execution via Discord Control in Natro Macro

Publication date: 2026-03-06

Last updated on: 2026-03-10

Assigner: GitHub, Inc.

Description
Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, anyone with Discord Remote Control set up in a non-private channel gives access to any user with the permission to send message in said channel access to do anything on their computer. This includes keyboard and mouse inputs and full file access. This issue has been patched in version 1.1.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-06
Last Modified
2026-03-10
Generated
2026-06-16
AI Q&A
2026-03-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-28800
EUVD
EUVD-2026-10007
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
natroteam natro_macro to 1.1.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-28800 is a vulnerability in the Natro Macro, an open-source Bee Swarm Simulator macro written in AutoHotkey, affecting versions prior to 1.1.0. The issue arises when Discord Remote Control (RC) is set up in a non-private Discord channel. Any user with permission to send messages in that channel can exploit this vulnerability to execute commands on the host computer.

This includes full control over keyboard and mouse inputs as well as unrestricted access to the file system. The root causes include improper authentication, failure to restrict pathname access, and allowing upload of dangerous file types, which enable path traversal attacks and unauthorized file operations.

The vulnerability requires network access, high privileges, and user interaction to exploit, and it was patched in version 1.1.0 by implementing userID/roleID whitelisting to restrict command execution to authorized users only.

Impact Analysis

This vulnerability can have a significant impact by allowing unauthorized users to take full control of your computer through Discord Remote Control commands. Specifically, attackers can control your keyboard and mouse inputs and gain full access to your files.

Such control can lead to data theft, unauthorized file modification or deletion, and potentially disrupt system availability. Because the vulnerability affects confidentiality, integrity, and availability, it poses a high risk to your system security.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves unauthorized remote control commands sent via Discord messages in a non-private channel where Discord Remote Control is enabled. Detection would focus on monitoring Discord channels for suspicious remote control commands or unexpected activity from users with message-sending permissions.

Since the vulnerability exploits Discord Remote Control commands, you can check for unusual or unauthorized commands being executed by monitoring Discord message logs in the relevant channels.

No specific detection commands are provided in the available resources.

Mitigation Strategies

To mitigate this vulnerability, immediately update Natro Macro to version 1.1.0 or later, where the issue has been patched by implementing userID/roleID whitelisting for remote control commands.

As a workaround, keep the Discord command channel and server private and restrict message-sending permissions to prevent unauthorized users from controlling the macro or the host computer.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-28800. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart