CVE-2026-48027: Nx Console Supply-Chain Compromise - What It Means for Your Business and How to Respond

Introduction

CVE-2026-48027 represents a critical supply-chain attack that compromised Nx Console, a widely-used development tool for software teams across North America. This vulnerability stole developer credentials including GitHub tokens, cloud credentials, and secrets, potentially exposing your organization's code repositories and infrastructure. Your business is at risk if developers on your team use Nx Console for building applications, as the compromised version harvested authentication credentials that could grant attackers access to your systems. This post explains the business impact, identifies who is affected, and provides clear action steps to protect your organization.

S1 — Background & History

CVE-2026-48027 was disclosed on May 19, 2026, whenNx security team members discovered a malicious version of Nx Console had been published to the Visual Studio Marketplace. The vulnerability affects Nx Console, the integrated development environment extension for Visual Studio Code that serves as the user interface for Nx and Lerna build tools. The security researcher jaysoo, a core maintainer of Nx Console, reported the vulnerability after receiving an unexpected publisher notification email. The CVSS score is 9.8 out of 10, classifying this as a critical severity vulnerability. This is a supply-chain compromise where attackers injected credential-harvesting malware into a legitimate software update. The attack chain began seven days earlier when a developer's machine was compromised through the TanStack supply-chain attack. The malicious version 18.95.0 was available for approximately 18 minutes on Visual Studio Marketplace and 36 minutes on OpenVSX before removal. Despite the short window, Nx internal analytics detected approximately 6,000 activations from the compromised version. CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild.

S2 — What This Means for Your Business

This vulnerability creates direct business risk across multiple dimensions of your organization. Your operations face disruption if attackers use stolen GitHub credentials to inject malicious code into your repositories, sabotage build pipelines, or disrupt development workflows. Data confidentiality is compromised because the malware harvested GitHub tokens, npm authentication keys, AWS and GCP credentials, SSH private keys, and Vault tokens. Any system accessible through these credentials is now potentially exposed to unauthorized access. Your reputation suffers if attackers use stolen credentials to publish malicious packages under your organization's name or access sensitive customer data stored in cloud infrastructure.

Compliance obligations become more complex because credential theft may trigger breach notification requirements under regulations like NYDFS Cybersecurity Regulation, CASL in Canada, or sector-specific rules for financial services and healthcare. If attackers accessed customer data through stolen cloud credentials, you may face mandatory reporting deadlines and regulatory penalties. The financial impact extends beyond immediate remediation costs. Credential rotation requires engineering time across multiple platforms, potential incident response engagement, and possibly customer notification expenses. Your development velocity slows while teams verify system integrity, rotate credentials, and rebuild potentially compromised developer machines.

The blast radius is particularly concerning for software companies because developer workstations hold high-value credentials. Unlike a typical endpoint compromise, attackers gained access to authentication tokens that provide access to your entire technology stack. A mid-sized software company could face weeks of remediation work across dozens of developer machines and cloud accounts.

S3 — Real-World Examples

Regional Financial Services Firm: A Canadian bank with 200 developers using VSCode discovered that three developers had installed the compromised Nx Console version during the exposure window. Attackers used stolen GitHub tokens to access the bank's internal development repositories containing customer API integrations. The bank had to rotate 150+ GitHub tokens, 40 AWS IAM roles, and rebuild 12 developer machines. Development on a major digital banking initiative paused for ten days while the security team verified no backdoors were injected into production code. The incident triggered a mandatory review with their primary auditor, extending their SOC 2 recertification timeline by six weeks.

Mid-Size SaaS Company: A US-based software company building B2B analytics platforms lost access to their npm organization when attackers used stolen npm tokens to publish malicious packages under their organization name. The malicious packages contained malware that would have infected their customers' development environments. The company had to contact 800+ customers to warn them, issued a public security advisory, and spent 40 hours coordinating with npm security teams to revoke and reissue tokens. Their customer trust score dropped 15 percent according to post-incident surveys, and three enterprise customers delayed contract renewals pending security review.

Healthcare Technology Provider: A US healthcare software vendor with 50 developers discovered attackers had accessed their AWS production environment using stolen credentials from a compromised developer laptop. Although no patient data was exfiltrated, attackers deployed cryptomining containers that consumed 60 percent of production compute capacity for six hours before detection. The incident triggered HIPAA security rule review because the attackers accessed systems containing protected health information, even though no PHI was accessed. The company incurred $45,000 in AWS overage charges, paid for external forensic investigation, and implemented mandatory secret manager requirements for all developer machines.

Digital Agency: A Toronto-based web development agency serving 30+ clients found that attackers had used stolen GitHub credentials to access client repositories containing proprietary code and API keys. The agency had to notify all 30 clients about potential exposure, offer free security audits to affected clients, and implement two-person approval requirements for all repository access. Three clients terminated contracts citing security concerns, representing $180,000 in annual recurring revenue loss. The agency's insurance premium increased 25 percent at renewal.

S4 — Am I Affected?

You are affected if any of these apply:

• You are running Nx Console version 18.95.0 on any developer machine

• You had Nx Console with auto-update enabled during the exposure window of May 18, 2026, 12:30 to 13:09 UTC

• Any developer on your team uses Visual Studio Code or forks like Cursor with Nx Console installed

• Your organization uses GitHub, npm, AWS, GCP, Azure, Kubernetes, Vault, or 1Password and developers have local CLI credentials

• You find any of these files on developer machines: ~/.local/share/kitty/cat.py, ~/Library/LaunchAgents/com.user.kitty-monitor.plist, %USERPROFILE%\.local\share\kitty\cat.py, or processes with __DAEMONIZED=1 in environment variables

• Your developers run pnpm versions older than 10.16 that may have silently ignored security configurations

You are NOT affected if:

• You never installed Nx Console version 18.95.0 specifically

• You upgraded to Nx Console version 18.100.0 or later before any activation occurred

• Your development team uses only the Nx CLI npm package without the VSCode extension (the CLI itself was not compromised)

• You have no developer machines with VSCode, Cursor, or other VSCode forks installed

Key Takeaways

• CVE-2026-48027 is a critical severity supply-chain compromise with a CVSS score of 9.8 that stole developer credentials from approximately 6,000 affected users.

• The vulnerability affects only Nx Console version 18.95.0 for Visual Studio Code, not the Nx CLI or Nx Cloud, and is patched in version 18.100.0 and later.

• Attackers harvested GitHub tokens, npm credentials, AWS/GCP/Azure cloud credentials, SSH keys, Vault tokens, and 1Password CLI sessions that could provide access to your entire technology stack.

• CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild with a 27 percent probability of exploitation in the next 30 days.

• Organizations must immediately check for the malicious version, rotate all credentials reachable from affected machines, delete persistence artifacts, and upgrade to Nx Console 18.100.0 or later.

Call to Action

Don't wait for confirmation of compromise before taking action. Contact IntegSec today to schedule a comprehensive penetration test that identifies supply-chain vulnerabilities before attackers exploit them. Our team specializes in assessing development infrastructure, credential management practices, and CI/CD pipeline security to reduce your organization's attack surface. We help companies in the USA and Canada build resilient development environments that withstand sophisticated supply-chain attacks. Visit https://integsec.com to request your security assessment. Our experts will work with your team to implement defense-in-depth controls, including release approval workflows, secret manager enforcement, and audit log monitoring that prevent incidents like CVE-2026-48027 from becoming your next crisis.

TECHNICAL APPENDIX (security engineers, pentesters, IT professionals only)

A — Technical Analysis

The root cause of CVE-2026-48027 is a multi-stage supply-chain attack originating from the TanStack compromise (CVE-2026-45321). A Nx contributor's machine resolved malicious package @tanstack/zod-adapter@1.166.15 during pnpm install on May 11, 2026. The malware executed a 2.3 MB obfuscated credential harvester via the package's prepare script, which stole the developer's GitHub CLI OAuth token from ~/.config/gh/hosts.yml. The attacker used these stolen credentials to authenticate as a legitimate contributor and publish malicious Nx Console version 18.95.0 to marketplaces on May 18, 2026. The affected component is the Nx Console VSCode extension publishing pipeline, which allowed single-actor releases without manual approval. Attack vector is network-delivered via marketplace download with local execution on extension activation. Attack complexity is low because the malicious version passed automated marketplace verification. No privileges are required beyond extension installation, and no user interaction is needed beyond the initial install. CVSS v3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. NVD reference: CVE-2026-48027. Primary weakness is insufficient pipeline controls (no CWE assigned yet).

B — Detection & Verification

Version enumeration commands:

• bash

• # VSCode/Cursor

• code --list-extensions --show-versions | grep nx-console

• code --list-extensions --show-versions | grep angular-console

• # PowerShell

• Get-ChildItem "$env:USERPROFILE\.vscode\extensions" -Recurse -Filter "nx-console*" | Select-Object Name

• Scanner signatures: Look for Nx Console version 18.95.0 in extension manifests. Any file hash matching the malicious extension package.

Log indicators:

• GitHub audit log entries showing workflow deletions or suspicious commits from May 11-18, 2026

• Marketplace upload events for Nx Console 18.95.0 at 12:30 UTC on May 18

• HTTPS exfiltration to attacker infrastructure or DNS covert channel queries

• Process creation events for python cat.py with __DAEMONIZED=1 environment variable

• Behavioral anomalies: Sudden spike in GitHub API calls from developer machines, unexpected credential access patterns, processes accessing ~/.config/gh/hosts.yml, or gh auth token subprocess execution.

Network exploitation indicators: Outbound HTTPS connections to unknown infrastructure during the 12:30-13:09 UTC window on May 18, DNS queries to suspicious domains, or connections to GitHub API from non-standard user agents like python-httpx/0.28.1.

C — Mitigation & Remediation

1. Immediate (0–24h):

• Update Nx Console to version 18.100.0 or later immediately. Verify upgrade completed successfully.

• Kill any running cat.py processes and processes with __DAEMONIZED=1 in environment variables using kill -9 on Linux/macOS or Task Manager on Windows.

• Delete persistence artifacts: On macOS/Linux, remove ~/.local/share/kitty/cat.py, ~/Library/LaunchAgents/com.user.kitty-monitor.plist (unload first with launchctl unload), /var/tmp/.gh_update_state, and /tmp/kitty-*. On Windows, delete %USERPROFILE%\.local\share\kitty\cat.py, %TEMP%\kitty-*, %TEMP%\.gh_update_state, and %USERPROFILE%\.bun\bin\bun.exe.

• Rotate every credential reachable from the machine: GitHub personal access tokens, npm tokens, SSH keys, AWS credentials (IMDS, ECS, Secrets Manager, SSM), GCP application-default credentials, Kubernetes service-account tokens, Vault tokens, and 1Password CLI session contents.

2. Short-term (1–7d):

• Audit access logs for all rotated credentials to identify unauthorized access during the exposure window. Review GitHub audit logs, AWS CloudTrail, GCP audit logs, and Vault audit logs for suspicious activity from May 11 through present.

• Rebuild affected developer machines from known-good images rather than attempting cleanup. This eliminates any persistence mechanisms that may have been missed.

• Implement GitHub deployment protection rules on all release workflows requiring reviewer approval.

• Enforce secret manager wrapping for GitHub CLI using op plugin run -- gh or equivalent across all developer machines.

3. Long-term (ongoing):

• Require two-admin approval for all publishing pipelines using GitHub Actions environments with required reviewers. The reviewer cannot be the workflow trigger.

• Pin all GitHub Action SHAs instead of using floating refs like @v6 or @main.

• Stream GitHub audit logs to SIEM for active monitoring of suspicious events including workflow-run deletions.

• Pin packageManager field to pnpm version 10.16 or later in all repositories and add CI guards that fail builds using older pnpm versions.

• Conduct quarterly supply-chain security assessments including dependency review, pipeline access audits, and credential management practice reviews.

D — Best Practices

• Enforce multi-person approval for all code publishing pipelines to prevent single-actor compromise from reaching production systems.

• Wrap high-value CLI credentials like GitHub CLI through secret managers so credentials exist only during invocation rather than persisting on disk.

• Pin package manager versions and verify configuration settings like minimum-release-age are actually enforced by the runtime version in use.

• Implement minimum-release-age policies (7+ days) for all package installations to provide time-based defense against supply-chain attacks.

• Stream audit logs from code hosting and CI/CD platforms to SIEM for active detection of suspicious workflow execution, credential use, or repository modifications.