CVE-2026-48027

CRITICAL

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes). Version 18.100.0 of Nx Console is not compromised and users may remediate by upgrading to that version.

CVSS v3.1 Score

9.8 CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH
Published: 5/27/2026
Modified: 5/27/2026

Related Intelligence (4)

LOW | Supply Chain

Supply Chain Compromises Impact Nx Console and GitHub Repositories

CISA is prioritizing the response to multiple emerging software supply chain intrusion campaigns targeting developer ecosystems Continuous Integration/Continuous Development (CI/CD) pipelines. These recent incidents, including the GitHub compromise via a malicious Nx Console Visual Studio Code (VS Code) extension and the “Megalodon” supply chain intrusion campaign, demonstrate how cyber threat

CVE-2026-48027
CISA Advisories
CRITICAL | Vulnerability

NVD CRITICAL: CVE-2026-48027 — Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious ver...


CVE-2026-48027
NIST NVD
MEDIUM | Vulnerability

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog), based on evidence of active exploitation.

CVE-2026-8398 (https://www.cve.org/CVERecord?id=CVE-2026-8398) Daemon Tools Lite Embedded Malicious Code Vu

CVE-2026-8398, CVE-2026-45321
CISA Advisories
HIGH | Vulnerability

CISA KEV: Nx Nx Console — Nx Console Embedded Malicious Code Vulnerability

Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvest credentials from multiple sources on disk and in memory.

CVE-2026-48027, Nx Nx Console
CISA KEV
