Main Vulnerability Database Vulnerabilities #VU132671

Embedded malicious code in Nx Console VSCode Extension - CVE-2026-48027

Published: May 28, 2026

Vulnerability identifier: #VU132671

CSH Severity: Critical

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

CVE-ID: CVE-2026-48027

CWE-ID: CWE-506

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vendor: Nx

Affected software:
Nx Console VSCode Extension

Detailed vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to the system.

The vulnerability exists due to presence of malicious functionality in the application code (aka backdoor) that allows a remote attacker to gain unauthorized access to the application. The affected version was compromised on May 19, 2026 and was distributed through the Visual Studio Marketplace for around 18 minutes and around 36 minutes through OpenVSX.

How to mitigate CVE-2026-48027

Install updates from vendor's website.

Embedded malicious code in Nx Console VSCode Extension - CVE-2026-48027

Detailed vulnerability description

How to mitigate CVE-2026-48027

Sources

Please verify you're human