CVE-2026-28801

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which is then executed by the program. This code can operate in silence alongside the pattern, running in the background to do whatever the attacker pleases. This issue has been patched in version 1.1.0.

CVSS v3 6.6 MEDIUM

6.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.3 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/NatroTeam/NatroMacro/security/advisories/GHSA-c5gm-vfvf-pwhx	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:natroteam:natro_macro:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-06 07:16

Updated : 2026-03-10 19:41

NVD link : CVE-2026-28801

Mitre link : CVE-2026-28801

CVE.ORG link : CVE-2026-28801

JSON object : View

Products Affected

natroteam

natro_macro

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2026-28801", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2026-03-06T07:16:00.883", "references": [{"url": "https://github.com/NatroTeam/NatroMacro/security/advisories/GHSA-c5gm-vfvf-pwhx", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which is then executed by the program. This code can operate in silence alongside the pattern, running in the background to do whatever the attacker pleases. This issue has been patched in version 1.1.0."}, {"lang": "es", "value": "Natro Macro es un macro de c\u00f3digo abierto para Bee Swarm Simulator escrito en AutoHotkey. Antes de la versi\u00f3n 1.1.0, cualquier c\u00f3digo ahk contenido dentro de un archivo de patr\u00f3n o ruta es ejecutado por el macro. Dado que los usuarios suelen compartir archivos de ruta/patr\u00f3n, un atacante podr\u00eda compartir un archivo que contiene c\u00f3digo malicioso, el cual es luego ejecutado por el programa. Este c\u00f3digo puede operar en silencio junto con el patr\u00f3n, ejecut\u00e1ndose en segundo plano para hacer lo que el atacante desee. Este problema ha sido parcheado en la versi\u00f3n 1.1.0."}], "lastModified": "2026-03-10T19:41:21.233", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:natroteam:natro_macro:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D82B08C5-1B84-4F2F-82F7-32C5DF3DC40D", "versionEndExcluding": "1.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}