top of page
perceptive_background_267k.jpg

Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched a…

Published:

27 May 2026 at 00:00:00

Alert date:

27 May 2026 at 18:07:10

Source:

cisa.gov

Click to open the original link from this advisory

Supply Chain & Dependencies, Web Technologies

CVE-2026-48027 affects Nx Console, a popular development tool extension. A malicious version of Nx Console was published containing embedded malicious code. The compromised extension downloaded an obfuscated payload designed to harvest credentials from multiple sources including disk storage and system memory. This represents a supply chain attack targeting developers who installed the malicious version of the extension. The vulnerability demonstrates the risks associated with third-party extensions and the potential for credential theft through compromised development tools.

Technical details

Mitigation steps:

Affected products:

Nx Console

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-48027
https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page