VULNERABILITY OVERVIEW
A malicious version of the Nx Console VS Code extension was published to the VS Code Marketplace as a supply-chain attack. The compromised extension fetched an obfuscated payload that harvested credentials from multiple sources, both on disk and in memory, on developer workstations. CISA added this vulnerability to the Known Exploited Vulnerabilities (KEV) catalog, confirming active credential theft in developer environments. The attack vector mirrors the concurrent TanStack npm supply-chain compromise (CVE-2026-45321), signaling a coordinated campaign targeting developer tooling ecosystems.
CVSS BREAKDOWN
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Impact: C:H · I:H · A:N
AFFECTED VERSIONS
Compromised malicious version of Nx Console published to the VS Code Marketplace (specific affected build versions are detailed in GitHub security advisory GHSA-c9j4-9m59-847w).
CITATIONS
- https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- https://nvd.nist.gov/vuln/detail/CVE-2026-48027