CVE-2026-48027

Confirmed PUBLISHED

Compromised Nx Console version 18.95.0

nrwl · nx-console

6 days faster than CISA KEV

Exploited in the wild Used in malware

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
9.3 Critical EPSS 1.8%

At a Glance

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes). Version 18.100.0 of Nx Console is not compromised and users may remediate by upgrading to that version.

cisa malware
CVE Published
May 27, 2026
Exploitation Reported
Jun 01, 2026
CVSS
9.3 Critical
EPSS
1.8%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
nrwl
nx-console

= 18.95.0

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.