CVE-2026-48027 - Nx Console extension compromise
Nx Console 18.95.0 for VS Code and Open VSX was a malicious extension build.
The vendor postmortem records an exposure window from 2026-05-18 12:30 UTC
to 2026-05-18 13:09 UTC; NVD published CVE-2026-48027 on 2026-05-27 and
lists the issue in the CISA Known Exploited Vulnerabilities catalog. The fixed
path is to remove the compromised extension version, update to 18.100.0+,
and treat any workstation that activated 18.95.0 as potentially
credential-compromised.
This recipe is for repositories that control developer setup, devcontainers,
Codespaces, VS Code or Cursor recommendations, extension preinstall scripts,
VSIX caches, fleet images, or public extension publishing controls. The Nx CLI
nx npm package, official @nx/* packages, and Nx Cloud were not affected by
this CVE.
When to use it
Use this recipe when a repository controls developer editor setup, extension
recommendations, devcontainers, Codespaces, Cursor/Open VSX setup, VSIX caches,
fleet images, or public extension/package publishing workflows that could have
installed Nx Console 18.95.0. It is for developer-tooling supply-chain
incident response, not for the unaffected nx CLI package.
Use it to remove compromised pins, add extension-version guards, and produce a workstation/fleet credential-rotation packet without executing suspicious extension code.
Inputs
.vscode/extensions.json,.devcontainer/devcontainer.json, Codespaces settings, Cursor/Windsurf docs, dotfiles, Dockerfiles, base-image scripts, workstation bootstrap scripts, Open VSX config, cached.vsixfiles, fleet policy, and CI images used for developer workspaces.- Extension inventory for VS Code, Cursor, Open VSX-compatible editors, remote server installs, and developer images.
- Evidence of any
nrwl.angular-console@18.95.0install, recommendation, cache, preloaded image, or auto-update exposure during 2026-05-18 12:30-13:09 UTC. - Credential class inventory reachable from affected environments: GitHub,
npm/PyPI/package registries, cloud, Vault, Kubernetes, Docker, SSH, database,
.env, password-manager CLI, and CI/CD credentials. - Public extension/package publishing workflows, release environment approvals, short-lived credential controls, and audit-log monitoring owned by the repository.
Affected versions
- Affected extension: Nx Console for VS Code / Open VSX
- Affected extension ID: commonly installed as
nrwl.angular-console - Vulnerable version:
18.95.0exactly - Fixed version:
18.100.0+ - Affected editors: VS Code and compatible forks that can install the VS Code or Open VSX extension, including Cursor
- CISA KEV: yes; required action is to apply vendor mitigations or discontinue use when mitigations are unavailable
Indicator-of-exposure
- A repository-controlled setup path installs or recommends Nx Console
18.95.0, including.vscode/extensions.json,.devcontainerconfig, Codespaces settings, fleet images, bootstrap scripts, dotfiles, VS Code--install-extensioncommands, Cursor--install-extensioncommands, Open VSX setup, or cached.vsixartifacts. - A developer had Nx Console installed with auto-update enabled during the vendor exposure window.
- Extension inventory shows
nrwl.angular-console@18.95.0. - Compromise indicators from the vendor advisory are present on a machine that
could access source code, GitHub tokens, npm tokens, cloud credentials, Vault,
Kubernetes, SSH keys, Docker credentials,
.envfiles, or 1Password CLI sessions. - This repository owns a VS Code extension, package, or marketplace publishing workflow that can release publicly from a single compromised maintainer or token.
Quick checks:
rg -n "nrwl\.angular-console|Nx Console|angular-console|open-vsx|openvsx|vsix|extensions\.json|customizations\.vscode\.extensions|--install-extension|18\.95\.0" .
code --list-extensions --show-versions | rg "nrwl\.angular-console@18\.95\.0" || true
cursor --list-extensions --show-versions | rg "nrwl\.angular-console@18\.95\.0" || true
find ~/.vscode ~/.vscode-server ~/.cursor ~/.cursor-server -maxdepth 5 -iname "*angular-console*18.95.0*" 2>/dev/null
Windows:
rg -n "nrwl\.angular-console|Nx Console|angular-console|open-vsx|openvsx|vsix|extensions\.json|customizations\.vscode\.extensions|--install-extension|18\.95\.0" .
code --list-extensions --show-versions | Select-String "nrwl\.angular-console@18\.95\.0"
cursor --list-extensions --show-versions | Select-String "nrwl\.angular-console@18\.95\.0"
Get-ChildItem "$env:USERPROFILE\.vscode","$env:USERPROFILE\.cursor","$env:USERPROFILE\.vscode-server","$env:USERPROFILE\.cursor-server" -Recurse -ErrorAction SilentlyContinue |
Where-Object { $_.FullName -match "angular-console.*18\.95\.0" }
Do not execute suspicious files, read secret values, run unknown extension code, or collect broad filesystem snapshots during triage.
Remediation strategy
- Remove every repository-controlled install, cache, image layer,
.vsix, or version pin that can install Nx Console18.95.0. - Update repository-controlled developer setup to require Nx Console
18.100.0+or to recommend the extension without a compromised-version pin. - Add a policy check for developer images, bootstrap scripts, and extension
recommendation files that fails if
18.95.0appears. - If a controlled developer image or workstation activated the malicious extension, isolate or rebuild it and rotate every credential reachable from that environment. Secret names may be recorded; secret values must not be.
- Audit GitHub, npm, cloud, Vault, Kubernetes, Docker, package-registry, and SSH activity for accounts that were reachable from affected workstations.
- Where this repository owns public extension or package publishing, require protected release environments, non-triggering-user approval, and at least two authorized approvers before marketplace publication.
- If the repository relies on
pnpm minimum-release-ageas a supply-chain control, verify the configured pnpm version actually supports and enforces that setting; do not assume unknown config keys fail closed.
The prompt
You are remediating CVE-2026-48027 / GHSA-c9j4-9m59-847w, the compromised Nx
Console VS Code extension version `18.95.0`. Produce exactly one output:
- A reviewer-ready PR/change request that removes or blocks the compromised
extension version, updates repository-controlled setup to Nx Console
`18.100.0+`, adds safe extension-version checks, refreshes generated
artifacts, and documents operator credential-rotation actions, or
- TRIAGE.md if this repository does not control any affected editor extension
recommendation, install path, dev image, VSIX cache, developer fleet policy,
publishing workflow, or incident-response runbook.
## Rules
- Scope only CVE-2026-48027 / GHSA-c9j4-9m59-847w and directly related
developer-tooling supply-chain controls.
- Treat developer machines, source checkouts, local editor state, SSH keys,
GitHub tokens, npm/PyPI/package tokens, cloud credentials, Vault tokens,
Kubernetes tokens, Docker credentials, `.env` files, 1Password CLI sessions,
CI secrets, audit logs, and private repository names as sensitive.
- Do not run suspicious extension code, execute `cat.py`, invoke persistence
artifacts, decode malware, collect broad home-directory archives, print
secret values, or upload forensic artifacts to the PR.
- Do not claim a workstation is clean only because repository files do not pin
the affected extension.
- Do not remove developer setup, extension recommendations, or release controls
just to silence the advisory.
- Do not auto-merge.
## Steps
1. Inventory every repository-controlled place that can install, recommend, or
cache VS Code-compatible extensions: `.vscode/extensions.json`,
`.devcontainer/devcontainer.json`, Codespaces settings, Cursor/Windsurf
setup docs, dotfiles, Dockerfiles, base-image scripts, workstation bootstrap
scripts, Open VSX configuration, checked-in `.vsix` files, fleet-management
policy, and CI images used for developer workspaces.
2. Search for Nx Console references: `nrwl.angular-console`, `Nx Console`,
`angular-console`, Open VSX URLs, marketplace URLs, `--install-extension`,
and version `18.95.0`.
3. Determine whether any controlled editor inventory resolves
`nrwl.angular-console@18.95.0`. A target is exposed if it installs or
preserves that version, even if the repository itself does not use Nx.
4. If the repository does not control any affected install path, stop with
`TRIAGE.md` listing checked files, the external owner of developer-machine
response, and the required safe version `18.100.0+`.
5. Remove compromised pins and cached VSIX artifacts. Update controlled setup
to install Nx Console `18.100.0+` or to recommend the extension without a
stale version pin. Refresh devcontainer locks, image metadata, generated
setup docs, SBOMs, and extension inventory artifacts.
6. Add safe regression checks where this repository owns setup automation:
- repository files must not contain `nrwl.angular-console@18.95.0` or
checked-in VSIX artifacts for version `18.95.0`;
- developer images that preinstall extensions must report
`nrwl.angular-console` absent or `>=18.100.0`;
- bootstrap scripts must fail closed if the local extension inventory
reports `18.95.0`;
- validation output must omit secret values and home-directory file
contents.
7. If affected developer machines, devcontainers, or fleet images may have
activated the malicious extension, add operator guidance instead of trying to
repair machines through the PR:
- isolate or rebuild affected machines and images;
- kill suspicious persistence processes only through approved IR steps;
- remove persistence artifacts named by the vendor advisory;
- rotate GitHub, npm, PyPI, cloud, Vault, Kubernetes, Docker, SSH, database,
and password-manager-issued credentials reachable during the exposure
window;
- review GitHub, package-registry, cloud, CI/CD, and source-hosting audit
logs for the affected identities.
8. Where this repository owns public extension, package, or marketplace
publishing workflows, harden release paths that could repeat the incident:
protected environments, non-triggering-user approval, two authorized
approvers for public publishes, short-lived credentials, provenance checks,
and audit-log monitoring for workflow deletion or unexpected release runs.
9. If the repository uses `pnpm minimum-release-age` or similar delayed-install
controls, verify the package-manager version supports the setting and add a
CI guard that fails when the runtime silently ignores the policy.
10. Add a PR body section named `CVE-2026-48027 operator actions` that states:
- whether Nx Console `18.95.0` was installed, recommended, cached, or
preloaded by repository-controlled setup;
- the fixed Nx Console version or removal decision;
- which editor families were checked, including VS Code, Open VSX, and
Cursor where relevant;
- which developer-machine or fleet owner must perform isolation, rebuild,
credential rotation, and audit-log review;
- which secret classes may have been reachable, by class name only;
- which validation commands passed and which unrelated failures remain.
11. Run available validation: repository search, extension-inventory guard,
devcontainer or image build, setup-script tests, docs link checks, SBOM
refresh, workflow lint, and dependency/security scans.
12. Use PR title:
`fix(sec): remediate CVE-2026-48027 in Nx Console setup`.
## Stop conditions
- No repository-controlled extension recommendation, install path, dev image,
VSIX cache, fleet policy, or publishing workflow is affected.
- Affected extension state exists only on personal developer machines outside
repository automation; document the owner and required IR actions in
`TRIAGE.md`.
- Verification would require executing suspicious extension code, reading
secret values, dumping developer home directories, collecting private audit
logs, or touching machines outside the agent's approved scope.
- A fixed developer image cannot be built without a broader platform migration.
- Validation fails for unrelated pre-existing reasons; document those failures
instead of broadening scope.
Verification - what the reviewer looks for
- Repository-controlled extension recommendations, setup scripts,
devcontainers, images, and cached artifacts no longer install Nx Console
18.95.0. - Any controlled Nx Console install resolves to
18.100.0+. - A regression check fails if
18.95.0is reintroduced. - The PR does not execute malware, read secret values, upload forensic artifacts, or overstate the cleanliness of developer machines.
- Operator notes clearly name who owns workstation isolation, image rebuilds, credential rotation, and audit-log review.
- Public-publishing workflows owned by the repository have human approval and short-lived credential controls where they are in scope.
Watch for
- Confusing this extension compromise with the unaffected
nxnpm package, official@nx/*packages, or Nx Cloud. - Updating VS Code recommendations while devcontainer images, Open VSX setup,
Cursor setup, or cached VSIX artifacts still carry
18.95.0. - Treating a clean repository search as proof that developer machines were not exposed during the auto-update window.
- Rotating GitHub tokens but missing npm, cloud, Vault, Kubernetes, Docker, SSH, database, and password-manager-issued credentials.
- Leaving marketplace or package publishing as a single-actor workflow with long-lived credentials.
Output contract
Return one of:
- A reviewer-ready PR/change request that removes or blocks Nx Console
18.95.0, updates controlled setup to18.100.0+or an unpinned safe recommendation, adds extension-version guards, refreshes generated developer-image artifacts, hardens owned publishing workflows, and documents operator credential-rotation actions. TRIAGE.mdwhen no controlled extension recommendation, install path, dev image, VSIX cache, fleet policy, publishing workflow, or incident runbook is in scope.
The output must list editor families checked, whether 18.95.0 was installed
or cached by controlled setup, fixed version/removal decision, validation
commands, affected developer-machine or fleet owner, secret classes reachable
by class name only, and required isolation/rebuild/rotation/audit actions. It
must not execute malware, read secret values, upload forensic artifacts, dump
home directories, or claim developer machines are clean from repository-only
evidence.
Related recipes
- Source-code supply chain build integrity audit
- CVE-2026-45321 - TanStack npm supply-chain compromise
- Source-code secrets data exposure audit
References
- GitHub Advisory: https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w
- Nx postmortem: https://nx.dev/blog/nx-console-v18-95-0-postmortem
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-48027
- CISA KEV entry: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48027
- StepSecurity analysis: https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised