CVE-2026-48027

EUVD-2026-32550

27.05.2026, 17:16

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes). Version 18.100.0 of Nx Console is not compromised and users may remediate by upgrading to that version.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
nx	nx_console	18.95.0

𝑥

= Vulnerable software versions

Known Exploits!

https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised

Common Weakness Enumeration

CWE-506 - Embedded Malicious Code
The application contains code that appears to be malicious in nature.

Vulnerability Media Exposure

[ENGLISH] GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension
A threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual Studio Marketplace
Published: 2026-05-21T14:45:00+00:00

References

https://github.com/nrwl/nx-console/issues/3139

https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w

https://nx.dev/blog/nx-console-v18-95-0-postmortem#indicators-of-compromise

https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48027