[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-48027":6},{"stargazers_count":4,"fetched_at":5},6,"2026-05-28T13:18:46.456Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":250,"aliases":260,"duplicate_of":9,"upstream":261,"downstream":262,"duplicates":263,"related":264,"reserved_at":9,"published_at":265,"modified_at":266,"state":267,"summary":268,"references_raw":278,"kevs":308,"epss":319,"epss_history":322,"metrics":324,"affected":335},"CVE-2026-48027","Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes). Version 18.100.0 of Nx Console is not compromised and users may remediate by upgrading to that version.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-506","Embedded Malicious Code","The product contains code that appears to be malicious in nature.","weakness","Incomplete","Class",[19,64,79],{"id":20,"name":21,"techniques":22},"CAPEC-442","Infected Software",[23,50],{"id":24,"name":25,"tactics":26,"countermeasures":30},"T1195.001","Compromise Software Dependencies and Development Tools",[27],{"id":28,"name":29},"TA0108","Initial Access",[31,36,40,45],{"id":32,"name":33,"tactic":34},"D3-SWI","Software Inventory",{"name":35},"Model",{"id":37,"name":38,"tactic":39},"D3-AVE","Asset Vulnerability Enumeration",{"name":35},{"id":41,"name":42,"tactic":43},"D3-SU","Software Update",{"name":44},"Harden",{"id":46,"name":47,"tactic":48},"D3-RS","Restore Software",{"name":49},"Restore",{"id":51,"name":52,"tactics":53,"countermeasures":55},"T1195.002","Compromise Software Supply Chain",[54],{"id":28,"name":29},[56,58,60,62],{"id":32,"name":33,"tactic":57},{"name":35},{"id":37,"name":38,"tactic":59},{"name":35},{"id":41,"name":42,"tactic":61},{"name":44},{"id":46,"name":47,"tactic":63},{"name":49},{"id":65,"name":66,"techniques":67},"CAPEC-448","Embed Virus into DLL",[68],{"id":69,"name":70,"tactics":71,"countermeasures":78},"T1027.009","Embedded Payloads",[72,75],{"id":73,"name":74},"TA0030","Defense Evasion",{"id":76,"name":77},"TA0005","Stealth",[],{"id":80,"name":81,"techniques":82},"CAPEC-636","Hiding Malicious Data or Code within Files",[83,137,143,212,243],{"id":84,"name":85,"tactics":86,"countermeasures":90},"T1001.002","Steganography",[87],{"id":88,"name":89},"TA0101","Command and Control",[91,96,100,104,108,112,116,120,124,128,133],{"id":92,"name":93,"tactic":94},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":95},"Detect",{"id":97,"name":98,"tactic":99},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":95},{"id":101,"name":102,"tactic":103},"D3-CSPP","Client-server Payload Profiling",{"name":95},{"id":105,"name":106,"tactic":107},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":95},{"id":109,"name":110,"tactic":111},"D3-NTSA","Network Traffic Signature Analysis",{"name":95},{"id":113,"name":114,"tactic":115},"D3-APCA","Application Protocol Command Analysis",{"name":95},{"id":117,"name":118,"tactic":119},"D3-NTCD","Network Traffic Community Deviation",{"name":95},{"id":121,"name":122,"tactic":123},"D3-RTSD","Remote Terminal Session Detection",{"name":95},{"id":125,"name":126,"tactic":127},"D3-RPA","Relay Pattern Analysis",{"name":95},{"id":129,"name":130,"tactic":131},"D3-NTF","Network Traffic Filtering",{"name":132},"Isolate",{"id":134,"name":135,"tactic":136},"D3-OTF","Outbound Traffic Filtering",{"name":132},{"id":138,"name":85,"tactics":139,"countermeasures":142},"T1027.003",[140,141],{"id":73,"name":74},{"id":76,"name":77},[],{"id":144,"name":145,"tactics":146,"countermeasures":149},"T1027.004","Compile After Delivery",[147,148],{"id":73,"name":74},{"id":76,"name":77},[150,154,158,162,166,171,176,180,184,188,192,196,200,204,208],{"id":151,"name":152,"tactic":153},"D3-FA","File Analysis",{"name":95},{"id":155,"name":156,"tactic":157},"D3-FIM","File Integrity Monitoring",{"name":95},{"id":159,"name":160,"tactic":161},"D3-DA","Dynamic Analysis",{"name":95},{"id":163,"name":164,"tactic":165},"D3-EFA","Emulated File Analysis",{"name":95},{"id":167,"name":168,"tactic":169},"D3-FEV","File Eviction",{"name":170},"Evict",{"id":172,"name":173,"tactic":174},"D3-DF","Decoy File",{"name":175},"Deceive",{"id":177,"name":178,"tactic":179},"D3-FE","File Encryption",{"name":44},{"id":181,"name":182,"tactic":183},"D3-RF","Restore File",{"name":49},{"id":185,"name":186,"tactic":187},"D3-CF","Content Filtering",{"name":132},{"id":189,"name":190,"tactic":191},"D3-LFP","Local File Permissions",{"name":132},{"id":193,"name":194,"tactic":195},"D3-RFAM","Remote File Access Mediation",{"name":132},{"id":197,"name":198,"tactic":199},"D3-CQ","Content Quarantine",{"name":132},{"id":201,"name":202,"tactic":203},"D3-CM","Content Modification",{"name":132},{"id":205,"name":206,"tactic":207},"D3-EAL","Executable Allowlisting",{"name":132},{"id":209,"name":210,"tactic":211},"D3-EDL","Executable Denylisting",{"name":132},{"id":213,"name":214,"tactics":215,"countermeasures":218},"T1218.001","Compiled HTML File",[216,217],{"id":73,"name":74},{"id":76,"name":77},[219,223,227,231,235,237,239],{"id":220,"name":221,"tactic":222},"D3-SCA","System Call Analysis",{"name":95},{"id":224,"name":225,"tactic":226},"D3-FCA","File Creation Analysis",{"name":95},{"id":228,"name":229,"tactic":230},"D3-PSA","Process Spawn Analysis",{"name":95},{"id":232,"name":233,"tactic":234},"D3-SCF","System Call Filtering",{"name":132},{"id":205,"name":206,"tactic":236},{"name":132},{"id":209,"name":210,"tactic":238},{"name":132},{"id":240,"name":241,"tactic":242},"D3-HBPI","Hardware-based Process Isolation",{"name":132},{"id":244,"name":245,"tactics":246,"countermeasures":249},"T1221","Template Injection",[247,248],{"id":73,"name":74},{"id":76,"name":77},[],[251],{"_key":252,"name":253,"source":254,"url":255,"maturity":256,"reliability_score":257,"verified":258,"type":9,"platforms":259,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_D49E02B1AFD7A161","Exploit Reference (stepsecurity.io)","reference","https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised","unknown",0.2,false,[],[],[],[],[],[],"2026-05-27T15:50:01.143Z","2026-05-28T03:55:41.841Z","Analyzed",{"cisa_kev":269,"cisa_ransomware":258,"cisa_vendor":270,"epss_severity":271,"epss_score":272,"severity":273,"severity_score":274,"severity_version":275,"severity_source":276,"severity_vector":277,"severity_status":267},true,"Nx","high",0.26849,"critical",9.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[279,287,293,297,302],{"url":280,"sources":281,"tags":283},"https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w",[282,276],"cve.org",[284,285,286],"X Refsource CONFIRM","Mitigation","Vendor Advisory",{"url":288,"sources":289,"tags":290},"https://github.com/nrwl/nx-console/issues/3139",[282,276],[291,292],"X Refsource MISC","Issue Tracking",{"url":294,"sources":295,"tags":296},"https://nx.dev/blog/nx-console-v18-95-0-postmortem#indicators-of-compromise",[282,276],[291,286],{"url":255,"sources":298,"tags":299},[282,276],[291,300,301],"Exploit","Third Party Advisory",{"url":303,"sources":304,"tags":305},"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48027",[282,276],[306,307],"Government Resource","US Government Resource",[309],{"source":310,"vendor":270,"product":311,"date_added":312,"vulnerability_name":313,"short_description":314,"required_action":315,"due_date":316,"known_ransomware_campaign_use":317,"notes":318,"exploitation_type":9},"cisa","Nx Console","2026-05-27","Nx Console Embedded Malicious Code Vulnerability","Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvested credentials from multiple sources on disk and in memory.","Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","2026-06-10","Unknown","This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w ; https://nvd.nist.gov/vuln/detail/CVE-2026-48027",{"date":320,"score":272,"percentile":321},"2026-05-28",0.96438,[323],{"date":320,"score":272,"percentile":321},[325,330],{"source":282,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":326},{"baseScore":327,"baseSeverity":328,"vectorString":329,"impactScore":9,"exploitabilityScore":9},9.3,"CRITICAL","CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",{"source":276,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":331,"cvss_v4_0":333},{"baseScore":274,"baseSeverity":328,"vectorString":277,"impactScore":274,"exploitabilityScore":332},10,{"baseScore":327,"baseSeverity":328,"vectorString":334,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",[336,344],{"ecosystem":9,"name":337,"vendor":338,"product":337,"cpe_part":339,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":340},"nx-console","nrwl","a",[341],{"version":342,"is_range":258,"range_type":282,"version_start":342,"version_start_type":343,"version_end":342,"version_end_type":343,"fixed_in":9},"= 18.95.0","including",{"ecosystem":9,"name":345,"vendor":346,"product":347,"cpe_part":339,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":348},"nx console","nx","nx_console",[349],{"version":350,"is_range":258,"range_type":351,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.95.0","cpe"]