CVE-2026-28800 is a vulnerability in NatroTeam's NatroMacro, an AutoHotkey-based macro tool designed for the Bee Swarm Simulator game. The flaw exists in versions prior to 1.1.0 and is related to improper limitation of pathname traversal (CWE-22), inadequate authentication (CWE-287), and improper control of resource access (CWE-434). Specifically, when the Discord Remote Control feature is enabled in a non-private Discord channel, any user with permission to send messages in that channel can remotely control the victim's computer. This includes sending arbitrary keyboard and mouse inputs and accessing or modifying any files on the host system. The vulnerability arises because the application does not properly restrict the scope of commands or authenticate users beyond Discord message permissions, allowing malicious actors to leverage Discord's messaging system as a command and control channel. The attack requires that the victim has set up Discord Remote Control in a channel accessible to untrusted users, which is a misconfiguration. The CVSS v3.1 score is 6.4 (medium), reflecting network attack vector, high privileges required on Discord, user interaction, and high impact on confidentiality, integrity, and availability. The vulnerability has been addressed in version 1.1.0 by enforcing stricter access controls and fixing pathname traversal issues. No public exploits have been reported yet, but the risk remains for users running outdated versions in insecure Discord environments.

The impact of CVE-2026-28800 is significant for users and organizations that utilize NatroMacro with Discord Remote Control enabled in non-private channels. An attacker with message-sending permissions can gain full control over the victim's computer, including executing arbitrary input commands and accessing or modifying any files. This compromises confidentiality, integrity, and availability of the system. For individuals, this could lead to data theft, system manipulation, or malware installation. For organizations, especially those with shared or public Discord servers, this vulnerability could be exploited to infiltrate internal systems, steal sensitive information, or disrupt operations. The requirement for user interaction and elevated Discord permissions somewhat limits the attack surface but does not eliminate risk, particularly in communities or teams with lax channel permissions. The absence of known exploits reduces immediate threat but does not preclude future attacks. Overall, the vulnerability poses a moderate to high risk in environments where NatroMacro is used collaboratively without strict channel controls.

To mitigate CVE-2026-28800, users and organizations should immediately upgrade NatroMacro to version 1.1.0 or later, where the vulnerability has been patched. Additionally, Discord Remote Control should only be enabled in private, trusted channels with tightly controlled permissions to restrict message-sending capabilities to authorized users. Administrators should audit Discord channel permissions regularly to prevent unauthorized access. Employing endpoint security solutions that monitor unusual input device activity can help detect potential exploitation attempts. Users should avoid running NatroMacro on sensitive or production systems unless necessary and ensure that their AutoHotkey scripts and macros are from trusted sources. Network segmentation and limiting outbound connections from gaming or macro environments can reduce exposure. Finally, educating users about the risks of enabling remote control features in public or semi-public channels is critical to prevent misconfigurations.