9.8

CVE-2026-48027

Warnung
Medienbericht
Exploit

Compromised Nx Console version 18.95.0

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes). Version 18.100.0 of Nx Console is not compromised and users may remediate by upgrading to that version.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NxNx Console Version18.95.0 SwPlatformvisual_studio_code

27.05.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog

Nx Console Embedded Malicious Code Vulnerability

Schwachstelle

Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvested credentials from multiple sources on disk and in memory.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.85% 0.763
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com 9.3 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-506 Embedded Malicious Code

The product contains code that appears to be malicious in nature.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
05.06.2026 12:46
https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w
Vendor Advisory
Mitigation
https://github.com/nrwl/nx-console/issues/3139
Issue Tracking
https://nx.dev/blog/nx-console-v18-95-0-postmortem#indicators-of-compromise
Vendor Advisory
https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised
Third Party Advisory
Exploit
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48027
US Government Resource