CVE-2026-48027
Compromised Nx Console version 18.95.0
In short
A malicious version of Nx Console (18.95.0) was briefly published on extension marketplaces for about 18–36 minutes before removal. If installed during this window, it could compromise your development environment and system security.
Technical detail
CWE-506 (Embedded Malicious Code): A trojanized Nx Console 18.95.0 was distributed via Visual Studio Marketplace (18 min exposure) and OpenVSX (36 min exposure). The compromised extension could execute arbitrary code within the IDE and user's development workflows. Remediation requires upgrading to version 18.100.0 or later.
Summary generated and translated by AI from the official description.
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes). Version 18.100.0 of Nx Console is not compromised and users may remediate by upgrading to that version.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
nrwl · nx-consoleWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/nrwl/nx-console/issues/3139https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847whttps://nx.dev/blog/nx-console-v18-95-0-postmortem#indicators-of-compromisehttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48027https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised