CVE-2026-48027

UNKNOWN Actively Exploited NVDCISA KEV

CVSS Score 0

Severity UNKNOWN

Published May 27, 2026

Vendor unknown

This vulnerability is in the CISA Known Exploited Vulnerabilities Catalog. Active exploitation has been observed. Immediate patching is recommended.

Description

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes). Version 18.100.0 of Nx Console is not compromised and users may remediate by upgrading to that version.

References

https://github.com/nrwl/nx-console/issues/3139
https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w
https://nx.dev/blog/nx-console-v18-95-0-postmortem#indicators-of-compromise
https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised