CVE-2026-48027
Nx Console Embedded Malicious Code Vulnerability
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes). Version 18.100.0 of Nx Console is not compromised and users may remediate by upgrading to that version.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Deadline for federal agencies: 2026-06-10.
8 articles across 4 outlets · first covered May 27, 2026 · latest May 28, 2026
Coverage timeline
- CISA warns of Daemon Tools, TanStack and Nx Console flaws · securityaffairs.com · May 28, 2026
- State-Sponsored Actors Operationalize ROADtools Framework in Cloud Campaigns · securityonline.info · May 28, 2026
- Showboat malware leverages critical CVEs to spy on telecoms · securityonline.info · May 28, 2026
- FortiClient EMS flaw used to drop EKZ Infostealer via fake updates · securityonline.info · May 28, 2026
- Active exploits found today hide malicious code in popular tools · securityonline.info · May 28, 2026
- Motorola Fixes Amazon App Redirect Bug After Smart Feed Abuse · securityonline.info · May 28, 2026
- CVE-2026-48027 Compromises Nx Console, Leads to Credential Theft · www.cisa.gov · May 28, 2026
- CVE-2026-48027 Compromises Nx Console, Leads to Credential Theft · cisa.gov · May 27, 2026