Critical severity9.8CISA KEVNVD Advisory· Published May 27, 2026· Updated May 27, 2026
CVE-2026-48027
CVE-2026-48027
Description
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes). Version 18.100.0 of Nx Console is not compromised and users may remediate by upgrading to that version.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: = 18.95.0
Patches
Vulnerability mechanics
References
5- www.stepsecurity.io/blog/nx-console-vs-code-extension-compromisednvdExploitThird Party Advisory
- github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847wnvdMitigationVendor Advisory
- nx.dev/blog/nx-console-v18-95-0-postmortemnvdVendor Advisory
- github.com/nrwl/nx-console/issues/3139nvdIssue Tracking
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
6- FBI Warns TeamPCP Hackers Compromise Developer Tools in Large-Scale Supply Chain AttacksCyber Security News · Jul 3, 2026
- Attackers Abuse Trusted Developer Tooling to Exfiltrate Source Code and SecretsCyber Security News · May 29, 2026
- Nrwl: Actively-Exploited Flaw Added to CISA KEV, Linked to RansomwareVypr Intelligence · May 27, 2026
- GitHub Breach Traced to Malicious 'Nx Console' VS Code ExtensionInfosecurity Magazine · May 21, 2026
- CISA Adds Three Known Exploited Vulnerabilities to CatalogCISA Alerts
- Supply Chain Compromises Impact Nx Console and GitHub RepositoriesCISA Alerts