On 27 May 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-48027 to its Known Exploited Vulnerabilities (KEV) catalogue. The flaw affects Nx Console, a development-tool extension produced by Nx. The vulnerability, named the Nx Console Embedded Malicious Code Vulnerability, allows a compromised version of the extension to fetch an obfuscated payload that harvests credentials from disk and memory.
CVE-2026-48027 is a supply-chain weakness that enables an attacker to publish a malicious Nx Console package. Once installed, the extension executes code that retrieves an obfuscated payload capable of stealing credentials stored locally and in process memory. The Common Vulnerability Scoring System (CVSS) v3.1 score is 9.3, rated Critical. No public patch or advisory has been released at the time of writing.
Because the entry appears in the KEV catalogue, active exploitation in the wild has been confirmed. There is no public indication that this vulnerability has been used in ransomware campaigns. CISA has set a remediation deadline of 10 June 2026 for Federal Civilian Executive Branch (FCEB) agencies to address the issue.
CISA requires FCEB agencies to apply mitigations per vendor instructions, follow applicable Binding Operational Directive (BOD) 22-01 guidance for cloud services, or discontinue use of Nx Console if mitigations are unavailable. While the directive binds only FCEB entities, all organisations should review their use of Nx Console and apply any available mitigations or consider removing the extension. Organisations should also monitor vendor communications for any future patches.
For full details, see the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-48027 and the CISA KEV catalogue.