Skip to main content
All vulnerabilities
CVE-2026-48027 Known ransomware use CVSS 9.8

Nx Console Embedded Malicious Code Vulnerability

NxNx Console

Added to KEV catalog
27 May 2026
Federal remediation due date
10 June 2026
Weakness classification (CWE)
CWE-506

AI Breakdown

What it is

This vulnerability involves a malicious version of the Nx Console tool, specifically version 18.95.0, that was briefly distributed. If installed, this compromised version contained hidden code designed to steal sensitive credentials from various locations on a user's computer. The issue has since been addressed, and a clean version is available.

Why it matters

This is a critical vulnerability with a CVSS score of 9.8, indicating a severe risk to affected systems. It is particularly urgent because CISA has confirmed its use in known ransomware campaigns, meaning attackers are actively exploiting it to gain access and deploy malware. Stolen credentials can lead to widespread network compromise and significant data theft.

Recommended action

All users of Nx Console must immediately upgrade to version 18.100.0 or a later secure version to remove the malicious code and protect against credential theft. If upgrading is not possible, discontinue use of the product entirely to eliminate the risk. Additionally, follow any specific mitigation instructions provided by the vendor or CISA.

AI-generated from CISA and NVD data — treat as a starting point, not a substitute for your own risk assessment.

CISA Description

Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvested credentials from multiple sources on disk and in memory.

Required action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Notes

This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w ; https://nvd.nist.gov/vuln/detail/CVE-2026-48027

NVD Technical Description

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes). Version 18.100.0 of Nx Console is not compromised and users may remediate by upgrading to that version.

Confirm Your Exposure

Is this vulnerability present in your environment?

CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.

Explore VAPT Services