Vulnerability Details CVE-2026-48027
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes). Version 18.100.0 of Nx Console is not compromised and users may remediate by upgrading to that version.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.321
EPSS Ranking 96.9%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvested credentials from multiple sources on disk and in memory.
Ransomware Campaign
Known
References
- https://github.com/nrwl/nx-console/issues/3139
- https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w
- https://nx.dev/blog/nx-console-v18-95-0-postmortem#indicators-of-compromise
- https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48027
Products affected by CVE-2026-48027
-
cpe:2.3:a:nx:nx_console:18.95.0