COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-48027

CVE-2026-48027

Severity
critical · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-05-27
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-48027
⌖ exploited in the wild shame 85/100 ransomwareexploited-in-wildsupply-chaindata-breach

Nx Console extension published a malicious version that harvested credentials from disk and memory.

A compromised Nx Console extension distributed an obfuscated payload capable of harvesting credentials from disk and memory, directly enabling credential theft and ransomware-like behavior. This supply-chain failure exposes DIB organizations to unauthorized access and data exfiltration if they deploy the vulnerable extension, violating FedRAMP requirements for secure software supply chains.

Shame score — Publishing a malicious extension that actively harvested credentials represents a severe supply-chain failure with no prior disclosure or patching.

Players implicated

Nx · vendorNx Console · product

Description

Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvested credentials from multiple sources on disk and in memory.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.