CVE-2026-48027 - Nx Console extension compromise

Nx Console 18.95.0 for VS Code and Open VSX was a malicious extension build. The vendor postmortem records an exposure window from 2026-05-18 12:30 UTC to 2026-05-18 13:09 UTC; NVD published CVE-2026-48027 on 2026-05-27 and lists the issue in the CISA Known Exploited Vulnerabilities catalog. The fixed path is to remove the compromised extension version, update to 18.100.0+, and treat any workstation that activated 18.95.0 as potentially credential-compromised.

This recipe is for repositories that control developer setup, devcontainers, Codespaces, VS Code or Cursor recommendations, extension preinstall scripts, VSIX caches, fleet images, or public extension publishing controls. The Nx CLI nx npm package, official @nx/* packages, and Nx Cloud were not affected by this CVE.

When to use it

Use this recipe when a repository controls developer editor setup, extension recommendations, devcontainers, Codespaces, Cursor/Open VSX setup, VSIX caches, fleet images, or public extension/package publishing workflows that could have installed Nx Console 18.95.0. It is for developer-tooling supply-chain incident response, not for the unaffected nx CLI package.

Use it to remove compromised pins, add extension-version guards, and produce a workstation/fleet credential-rotation packet without executing suspicious extension code.

Inputs

  • .vscode/extensions.json, .devcontainer/devcontainer.json, Codespaces settings, Cursor/Windsurf docs, dotfiles, Dockerfiles, base-image scripts, workstation bootstrap scripts, Open VSX config, cached .vsix files, fleet policy, and CI images used for developer workspaces.
  • Extension inventory for VS Code, Cursor, Open VSX-compatible editors, remote server installs, and developer images.
  • Evidence of any nrwl.angular-console@18.95.0 install, recommendation, cache, preloaded image, or auto-update exposure during 2026-05-18 12:30-13:09 UTC.
  • Credential class inventory reachable from affected environments: GitHub, npm/PyPI/package registries, cloud, Vault, Kubernetes, Docker, SSH, database, .env, password-manager CLI, and CI/CD credentials.
  • Public extension/package publishing workflows, release environment approvals, short-lived credential controls, and audit-log monitoring owned by the repository.

Affected versions

  • Affected extension: Nx Console for VS Code / Open VSX
  • Affected extension ID: commonly installed as nrwl.angular-console
  • Vulnerable version: 18.95.0 exactly
  • Fixed version: 18.100.0+
  • Affected editors: VS Code and compatible forks that can install the VS Code or Open VSX extension, including Cursor
  • CISA KEV: yes; required action is to apply vendor mitigations or discontinue use when mitigations are unavailable

Indicator-of-exposure

  • A repository-controlled setup path installs or recommends Nx Console 18.95.0, including .vscode/extensions.json, .devcontainer config, Codespaces settings, fleet images, bootstrap scripts, dotfiles, VS Code --install-extension commands, Cursor --install-extension commands, Open VSX setup, or cached .vsix artifacts.
  • A developer had Nx Console installed with auto-update enabled during the vendor exposure window.
  • Extension inventory shows nrwl.angular-console@18.95.0.
  • Compromise indicators from the vendor advisory are present on a machine that could access source code, GitHub tokens, npm tokens, cloud credentials, Vault, Kubernetes, SSH keys, Docker credentials, .env files, or 1Password CLI sessions.
  • This repository owns a VS Code extension, package, or marketplace publishing workflow that can release publicly from a single compromised maintainer or token.

Quick checks:

rg -n "nrwl\.angular-console|Nx Console|angular-console|open-vsx|openvsx|vsix|extensions\.json|customizations\.vscode\.extensions|--install-extension|18\.95\.0" .
code --list-extensions --show-versions | rg "nrwl\.angular-console@18\.95\.0" || true
cursor --list-extensions --show-versions | rg "nrwl\.angular-console@18\.95\.0" || true
find ~/.vscode ~/.vscode-server ~/.cursor ~/.cursor-server -maxdepth 5 -iname "*angular-console*18.95.0*" 2>/dev/null

Windows:

rg -n "nrwl\.angular-console|Nx Console|angular-console|open-vsx|openvsx|vsix|extensions\.json|customizations\.vscode\.extensions|--install-extension|18\.95\.0" .
code --list-extensions --show-versions | Select-String "nrwl\.angular-console@18\.95\.0"
cursor --list-extensions --show-versions | Select-String "nrwl\.angular-console@18\.95\.0"
Get-ChildItem "$env:USERPROFILE\.vscode","$env:USERPROFILE\.cursor","$env:USERPROFILE\.vscode-server","$env:USERPROFILE\.cursor-server" -Recurse -ErrorAction SilentlyContinue |
  Where-Object { $_.FullName -match "angular-console.*18\.95\.0" }

Do not execute suspicious files, read secret values, run unknown extension code, or collect broad filesystem snapshots during triage.

Remediation strategy

  • Remove every repository-controlled install, cache, image layer, .vsix, or version pin that can install Nx Console 18.95.0.
  • Update repository-controlled developer setup to require Nx Console 18.100.0+ or to recommend the extension without a compromised-version pin.
  • Add a policy check for developer images, bootstrap scripts, and extension recommendation files that fails if 18.95.0 appears.
  • If a controlled developer image or workstation activated the malicious extension, isolate or rebuild it and rotate every credential reachable from that environment. Secret names may be recorded; secret values must not be.
  • Audit GitHub, npm, cloud, Vault, Kubernetes, Docker, package-registry, and SSH activity for accounts that were reachable from affected workstations.
  • Where this repository owns public extension or package publishing, require protected release environments, non-triggering-user approval, and at least two authorized approvers before marketplace publication.
  • If the repository relies on pnpm minimum-release-age as a supply-chain control, verify the configured pnpm version actually supports and enforces that setting; do not assume unknown config keys fail closed.

The prompt

You are remediating CVE-2026-48027 / GHSA-c9j4-9m59-847w, the compromised Nx
Console VS Code extension version `18.95.0`. Produce exactly one output:

- A reviewer-ready PR/change request that removes or blocks the compromised
  extension version, updates repository-controlled setup to Nx Console
  `18.100.0+`, adds safe extension-version checks, refreshes generated
  artifacts, and documents operator credential-rotation actions, or
- TRIAGE.md if this repository does not control any affected editor extension
  recommendation, install path, dev image, VSIX cache, developer fleet policy,
  publishing workflow, or incident-response runbook.

## Rules

- Scope only CVE-2026-48027 / GHSA-c9j4-9m59-847w and directly related
  developer-tooling supply-chain controls.
- Treat developer machines, source checkouts, local editor state, SSH keys,
  GitHub tokens, npm/PyPI/package tokens, cloud credentials, Vault tokens,
  Kubernetes tokens, Docker credentials, `.env` files, 1Password CLI sessions,
  CI secrets, audit logs, and private repository names as sensitive.
- Do not run suspicious extension code, execute `cat.py`, invoke persistence
  artifacts, decode malware, collect broad home-directory archives, print
  secret values, or upload forensic artifacts to the PR.
- Do not claim a workstation is clean only because repository files do not pin
  the affected extension.
- Do not remove developer setup, extension recommendations, or release controls
  just to silence the advisory.
- Do not auto-merge.

## Steps

1. Inventory every repository-controlled place that can install, recommend, or
   cache VS Code-compatible extensions: `.vscode/extensions.json`,
   `.devcontainer/devcontainer.json`, Codespaces settings, Cursor/Windsurf
   setup docs, dotfiles, Dockerfiles, base-image scripts, workstation bootstrap
   scripts, Open VSX configuration, checked-in `.vsix` files, fleet-management
   policy, and CI images used for developer workspaces.
2. Search for Nx Console references: `nrwl.angular-console`, `Nx Console`,
   `angular-console`, Open VSX URLs, marketplace URLs, `--install-extension`,
   and version `18.95.0`.
3. Determine whether any controlled editor inventory resolves
   `nrwl.angular-console@18.95.0`. A target is exposed if it installs or
   preserves that version, even if the repository itself does not use Nx.
4. If the repository does not control any affected install path, stop with
   `TRIAGE.md` listing checked files, the external owner of developer-machine
   response, and the required safe version `18.100.0+`.
5. Remove compromised pins and cached VSIX artifacts. Update controlled setup
   to install Nx Console `18.100.0+` or to recommend the extension without a
   stale version pin. Refresh devcontainer locks, image metadata, generated
   setup docs, SBOMs, and extension inventory artifacts.
6. Add safe regression checks where this repository owns setup automation:
   - repository files must not contain `nrwl.angular-console@18.95.0` or
     checked-in VSIX artifacts for version `18.95.0`;
   - developer images that preinstall extensions must report
     `nrwl.angular-console` absent or `>=18.100.0`;
   - bootstrap scripts must fail closed if the local extension inventory
     reports `18.95.0`;
   - validation output must omit secret values and home-directory file
     contents.
7. If affected developer machines, devcontainers, or fleet images may have
   activated the malicious extension, add operator guidance instead of trying to
   repair machines through the PR:
   - isolate or rebuild affected machines and images;
   - kill suspicious persistence processes only through approved IR steps;
   - remove persistence artifacts named by the vendor advisory;
   - rotate GitHub, npm, PyPI, cloud, Vault, Kubernetes, Docker, SSH, database,
     and password-manager-issued credentials reachable during the exposure
     window;
   - review GitHub, package-registry, cloud, CI/CD, and source-hosting audit
     logs for the affected identities.
8. Where this repository owns public extension, package, or marketplace
   publishing workflows, harden release paths that could repeat the incident:
   protected environments, non-triggering-user approval, two authorized
   approvers for public publishes, short-lived credentials, provenance checks,
   and audit-log monitoring for workflow deletion or unexpected release runs.
9. If the repository uses `pnpm minimum-release-age` or similar delayed-install
   controls, verify the package-manager version supports the setting and add a
   CI guard that fails when the runtime silently ignores the policy.
10. Add a PR body section named `CVE-2026-48027 operator actions` that states:
    - whether Nx Console `18.95.0` was installed, recommended, cached, or
      preloaded by repository-controlled setup;
    - the fixed Nx Console version or removal decision;
    - which editor families were checked, including VS Code, Open VSX, and
      Cursor where relevant;
    - which developer-machine or fleet owner must perform isolation, rebuild,
      credential rotation, and audit-log review;
    - which secret classes may have been reachable, by class name only;
    - which validation commands passed and which unrelated failures remain.
11. Run available validation: repository search, extension-inventory guard,
    devcontainer or image build, setup-script tests, docs link checks, SBOM
    refresh, workflow lint, and dependency/security scans.
12. Use PR title:
    `fix(sec): remediate CVE-2026-48027 in Nx Console setup`.

## Stop conditions

- No repository-controlled extension recommendation, install path, dev image,
  VSIX cache, fleet policy, or publishing workflow is affected.
- Affected extension state exists only on personal developer machines outside
  repository automation; document the owner and required IR actions in
  `TRIAGE.md`.
- Verification would require executing suspicious extension code, reading
  secret values, dumping developer home directories, collecting private audit
  logs, or touching machines outside the agent's approved scope.
- A fixed developer image cannot be built without a broader platform migration.
- Validation fails for unrelated pre-existing reasons; document those failures
  instead of broadening scope.

Verification - what the reviewer looks for

  • Repository-controlled extension recommendations, setup scripts, devcontainers, images, and cached artifacts no longer install Nx Console 18.95.0.
  • Any controlled Nx Console install resolves to 18.100.0+.
  • A regression check fails if 18.95.0 is reintroduced.
  • The PR does not execute malware, read secret values, upload forensic artifacts, or overstate the cleanliness of developer machines.
  • Operator notes clearly name who owns workstation isolation, image rebuilds, credential rotation, and audit-log review.
  • Public-publishing workflows owned by the repository have human approval and short-lived credential controls where they are in scope.

Watch for

  • Confusing this extension compromise with the unaffected nx npm package, official @nx/* packages, or Nx Cloud.
  • Updating VS Code recommendations while devcontainer images, Open VSX setup, Cursor setup, or cached VSIX artifacts still carry 18.95.0.
  • Treating a clean repository search as proof that developer machines were not exposed during the auto-update window.
  • Rotating GitHub tokens but missing npm, cloud, Vault, Kubernetes, Docker, SSH, database, and password-manager-issued credentials.
  • Leaving marketplace or package publishing as a single-actor workflow with long-lived credentials.

Output contract

Return one of:

  • A reviewer-ready PR/change request that removes or blocks Nx Console 18.95.0, updates controlled setup to 18.100.0+ or an unpinned safe recommendation, adds extension-version guards, refreshes generated developer-image artifacts, hardens owned publishing workflows, and documents operator credential-rotation actions.
  • TRIAGE.md when no controlled extension recommendation, install path, dev image, VSIX cache, fleet policy, publishing workflow, or incident runbook is in scope.

The output must list editor families checked, whether 18.95.0 was installed or cached by controlled setup, fixed version/removal decision, validation commands, affected developer-machine or fleet owner, secret classes reachable by class name only, and required isolation/rebuild/rotation/audit actions. It must not execute malware, read secret values, upload forensic artifacts, dump home directories, or claim developer machines are clean from repository-only evidence.

References