CVE-2026-28801

MEDIUM

6.6

Descricao

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which is then executed by the program. This code can operate in silence alongside the pattern, running in the background to do whatever the attacker pleases. This issue has been patched in version 1.1.0.

Detalhes CVE

Pontuacao CVSS v3.16.6

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Vetor de ataqueLOCAL

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioREQUIRED

Publicado3/6/2026

Ultima modificacao3/10/2026

Fontenvd

Avistamentos honeypot0

Produtos afetados

natroteam:natro_macro

Fraquezas (CWE)

CWE-94

Referencias

https://github.com/NatroTeam/NatroMacro/security/advisories/GHSA-c5gm-vfvf-pwhx(security-advisories@github.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.