CVE-2026-48027 — Nx Console Embedded Malicious Code Vulnerability

Description

Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvested credentials from multiple sources on disk and in memory.

How to fix CVE-2026-48027

No package mapping is available — consult the references below for vendor-specific guidance.

Is CVE-2026-48027 being exploited?

Yes — CVE-2026-48027 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.

Affected packages (0)

No package mapping in OSV.