CVE-2026-48027
CriticalSummary
Nx Console, the user interface for Nx and Lerna, had a malicious version 18.95.0 available for about 18 minutes in Visual Studio Marketplace and about 36 minutes in OpenVSX. Users should upgrade to version 18.100.0, which is not compromised.
Risk Assessment
Installing the malicious version of Nx Console may lead to serious security threats, including potential system takeover by an attacker. Organizations should immediately update their software to minimize risk.
Recommendation
It is recommended to immediately upgrade to version 18.100.0 of Nx Console to eliminate any threats associated with the installed malicious version.
Original NVD description (English source)
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes). Version 18.100.0 of Nx Console is not compromised and users may remediate by upgrading to that version.

