9.8
CVE-2026-48027
- EPSS 1.85%
- Veröffentlicht 27.05.2026 15:50:01
- Zuletzt bearbeitet 27.05.2026 20:34:24
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Compromised Nx Console version 18.95.0
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes). Version 18.100.0 of Nx Console is not compromised and users may remediate by upgrading to that version.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nx ≫ Nx Console Version18.95.0 SwPlatformvisual_studio_code
27.05.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog
Nx Console Embedded Malicious Code Vulnerability
SchwachstelleNx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvested credentials from multiple sources on disk and in memory.
BeschreibungApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.85% | 0.763 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| security-advisories@github.com | 9.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-506 Embedded Malicious Code
The product contains code that appears to be malicious in nature.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w
https://github.com/nrwl/nx-console/issues/3139
https://nx.dev/blog/nx-console-v18-95-0-postmortem#indicators-of-compromise
https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48027