May 27, 2026 · Applied Cybernetics Group
CVE-2026-48027 — Nx Nx Console
known ransomware use
Nx Console Embedded Malicious Code Vulnerability
- Added to KEV
2026-05-27- Federal due date
2026-06-10- Vendor
- Nx
- Product
- Nx Console
- EPSS
- 96.9th percentile (score 0.321, as of
2026-06-08) - NVD CVSS v3.1
- 9.8 (CRITICAL)
- Ransomware use
- Known
- Upstream
- https://nvd.nist.gov/vuln/detail/CVE-2026-48027
CISA short description
Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvested credentials from multiple sources on disk and in memory.
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
NVD description
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes). Version 18.100.0 of Nx Console is not compromised and users may remediate by upgrading to that version.