VYPR
Critical severity9.8CISA KEVNVD Advisory· Published May 27, 2026· Updated May 27, 2026

CVE-2026-48027

CVE-2026-48027

Description

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes). Version 18.100.0 of Nx Console is not compromised and users may remediate by upgrading to that version.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Nrwl/Nx Consolereferences2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: = 18.95.0

Patches

Vulnerability mechanics

References

5

News mentions

6