Malicious Code Injection in Nx Console by Nx and Lerna

CVE-2026-48027

What is CVE-2026-48027?

CVE-2026-48027 is a significant vulnerability found in Nx Console, a widely used user interface for managing projects built with Nx and Lerna. This vulnerability arises from a malicious code injection in a compromised version of the software, specifically version 18.95.0, which was available for a brief period. The exploit situation emerged due to the unfortunate publication of this malicious version on the Visual Studio Marketplace and OpenVSX, potentially allowing attackers to execute harmful code within user environments. The short window of availability raises concerns about the rapid spread of this malicious version, making it crucial for organizations using Nx Console to remain vigilant about software integrity and updates. The safe version, 18.100.0, can mitigate these risks by removing the compromised code.

Potential Impact of CVE-2026-48027

1. Malicious Code Execution: The primary risk associated with this vulnerability is the potential for unauthorized code execution within the user's development environment, enabling attackers to perform harmful operations that could compromise data integrity and security.

2. Data Breaches: Exploiting this vulnerability may grant attackers access to sensitive project data, leading to significant data breaches that could expose confidential information to competitors or malicious entities.

3. Reputation Damage: Organizations that fail to patch this vulnerability and subsequently experience an incident may suffer severe reputational harm, damaging relationships with clients and partners and impacting future business opportunities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

This is an advertDeploy the Patch →

References