Nx Console Embedded Malicious Code Vulnerability
Nx — Nx Console
- Added to KEV catalog
- 27 May 2026
- Federal remediation due date
- 10 June 2026
- Weakness classification (CWE)
- CWE-506
AI Breakdown
What it is
This vulnerability involves a malicious version of the Nx Console tool, specifically version 18.95.0, that was briefly distributed. If installed, this compromised version contained hidden code designed to steal sensitive credentials from various locations on a user's computer. The issue has since been addressed, and a clean version is available.
Why it matters
This is a critical vulnerability with a CVSS score of 9.8, indicating a severe risk to affected systems. It is particularly urgent because CISA has confirmed its use in known ransomware campaigns, meaning attackers are actively exploiting it to gain access and deploy malware. Stolen credentials can lead to widespread network compromise and significant data theft.
Recommended action
All users of Nx Console must immediately upgrade to version 18.100.0 or a later secure version to remove the malicious code and protect against credential theft. If upgrading is not possible, discontinue use of the product entirely to eliminate the risk. Additionally, follow any specific mitigation instructions provided by the vendor or CISA.
AI-generated from CISA and NVD data — treat as a starting point, not a substitute for your own risk assessment.
CISA Description
Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvested credentials from multiple sources on disk and in memory.
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes
This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w ; https://nvd.nist.gov/vuln/detail/CVE-2026-48027
NVD Technical Description
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes). Version 18.100.0 of Nx Console is not compromised and users may remediate by upgrading to that version.
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services