# CVE-2026-48027

> Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes). Version 18.100.0 of Nx Console is not compromised and users may remediate by upgrading to that version.

- **CVSS:** 9.3
- **EPSS:** 26.8%
- **CISA KEV:** yes (known ransomware use)
- **CWE:** CWE-506

Canonical: https://intel.threadlinqs.com/cve/CVE-2026-48027
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp