QwikSec

Security Database

CVE

CWE

Training

CVE-2026-48027

Published: May 27, 2026

Modified: May 28, 2026

PUBLISHED

Description

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes). Version 18.100.0 of Nx Console is not compromised and users may remediate by upgrading to that version.

Vendor	Product	Versions
nrwl	nx-console	affected `= 18.95.0`

Weaknesses (CWE)

References

https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w

x_refsource_CONFIRM

https://github.com/nrwl/nx-console/issues/3139

x_refsource_MISC

https://nx.dev/blog/nx-console-v18-95-0-postmortem#indicators-of-compromise

x_refsource_MISC

https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2026-48027 - Security Vulnerability | QwikSec