CVE-2026-48027
Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvested credentials from multiple sources on disk and in memory.
View on NVDSeverity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCWE-506CISA KEV
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
EPSS
No EPSS score yet (CVE may be too fresh).
Affects
nx:nx_consoleTechnical description
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes). Version 18.100.0 of Nx Console is not compromised and users may remediate by upgrading to that version.
References
- https://github.com/nrwl/nx-console/issues/3139
- https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w
- https://nx.dev/blog/nx-console-v18-95-0-postmortem#indicators-of-compromise
- https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48027