Sometime in late May 2026, a poisoned update slipped into the @antv family of JavaScript visualization libraries, the charting toolkit behind countless dashboards and data-heavy front ends. Security researchers tracking the incident say the compromise traces back to the same mechanism that infected the Nx Console developer extension, a supply-chain attack now cataloged by the federal government as CVE-2026-48027 and flagged by CISA as actively exploited in the wild.
The attack marks what researchers in the security community are calling the fourth wave of the TeamPCP worm campaign. Earlier waves allegedly included the theft of roughly 3,800 internal GitHub repositories, a claim that has circulated widely among threat-intelligence analysts but has not been confirmed by GitHub or any government agency. What is confirmed: the Nx Console vulnerability is real, it is being exploited, and the federal government wants it patched immediately.
For development teams that rely on @antv packages, the question is urgent and specific: did your build pipeline pull tainted code before anyone raised the alarm?
What the federal vulnerability record confirms
The National Vulnerability Database entry for CVE-2026-48027, titled “Nx Console Embedded Malicious Code Vulnerability,” lays out the technical facts. The Nx Console developer tool shipped with embedded malicious code in at least one release, giving attackers a foothold inside any CI/CD environment or local workstation that installed the compromised version. NIST published the record, and CISA escalated it to the agency’s Known Exploited Vulnerabilities catalog, a designation reserved for flaws confirmed to be under active attack.
Three primary references anchor the NVD entry: an upstream GitHub Security Advisory (GHSA), a postmortem published by the Nx team, and an independent forensic analysis by StepSecurity. Together, these form the evidence trail for anyone auditing their own exposure.
The CISA KEV listing carries real operational weight. Federal civilian agencies are required to patch KEV-listed vulnerabilities within a fixed timeline. Private-sector organizations that follow CISA guidance treat the listing as a de facto emergency. Reaching KEV status means the government considers the embedded malicious code a live, weaponized risk, not a theoretical one.
How a developer tool becomes a worm delivery vehicle
Nx Console is a widely adopted extension that helps engineers scaffold, build, and manage monorepo projects. It runs with the same permissions as the developer’s local environment or build server. Injecting code into the extension hands an attacker access to tokens, credentials, and downstream package-publishing pipelines.
That is the mechanism the TeamPCP operators appear to have exploited: compromise a trusted tool once, then ride its update channel into thousands of downstream projects.
The leap from Nx Console to @antv follows the same logic. If an @antv maintainer’s workstation or CI runner pulled the tainted Nx Console release, the worm could have harvested npm publish tokens or GitHub personal access tokens stored in environment variables. With those credentials in hand, publishing a poisoned update to any @antv package becomes a single API call.
The attack chain works because modern JavaScript tooling trusts other JavaScript tooling implicitly. A single compromised dependency can propagate laterally across projects that share no code but share the same build infrastructure. NIST’s risk-management frameworks, accessible through the agency’s NVD portal, catalog controls designed to interrupt exactly this kind of lateral movement. The gap, in practice, is that many open-source maintainers operate without the staffing or tooling to implement those controls before an incident forces the issue.
What remains unconfirmed
Several claims circulating alongside this story lack official confirmation, and readers should weigh them accordingly.
No government record or published postmortem currently explains why the TeamPCP operators targeted @antv specifically. The claim that the same crew stole 3,800 GitHub internal repositories two weeks before the @antv hit has spread through security-community channels, but the NVD entry for CVE-2026-48027 contains no attribution linking the Nx Console exploit to any repository theft. GitHub has not publicly confirmed the incident. The CVE record documents the technical flaw and confirms active exploitation. It does not name a threat actor or connect the dots to a broader campaign timeline.
The wave-numbering system itself comes from researcher discussions, not from a formal taxonomy published by CISA or another authority. One working theory is that the operators are chaining the Nx Console compromise to accounts that maintain visualization and diagramming libraries because those packages often ship inside internal business-intelligence tools, giving attackers a path into enterprise data. That hypothesis is plausible but unconfirmed.
Statements from GitHub and from @antv maintainers about the scope of the breach, the number of affected package versions, and the timeline of unauthorized access have not appeared in any of the government indexes reviewed for this report. Until those parties publish detailed incident disclosures, the full blast radius remains an open question.
How to weigh the evidence
The strongest layer of evidence is the NVD entry itself: a government-maintained record with severity scores, upstream advisory links, and CISA KEV confirmation. Any claim traceable to the NVD entry or its linked references (the GHSA advisory, the Nx postmortem, the StepSecurity analysis) rests on primary documentation.
Below that sits contextual reporting from security researchers and community posts describing the TeamPCP worm’s wave structure and its alleged connection to the GitHub repository theft. These accounts provide useful narrative framing but lack the formal attribution chain that a CVE or CISA advisory carries. They are leads, not confirmed facts.
The weakest tier is social-media commentary: speculative motive analysis, unverified claims about which packages were affected, and reaction threads. This layer can surface early warnings, but it can also amplify false positives. Teams making patching decisions should anchor those choices to the NVD severity metrics and CISA KEV status, not to trending posts.
What affected teams should do now
For any organization that uses Nx Console or @antv packages, the first step is concrete: audit your dependency lock files. Check package-lock.json, yarn.lock, pnpm-lock.yaml, and any internal dependency manifests for the compromised Nx Console versions and for any @antv releases published during the suspected compromise window. Cross-check those against the dates and version ranges documented in the NVD-linked advisories.
If you find evidence of the vulnerable Nx Console release in your environment, assume that any tokens or credentials accessible to the affected machines may have been exposed. Rotate npm access tokens, GitHub personal access tokens, SSH keys, and CI secrets, even if no malicious behavior has been observed yet. For @antv consumers, pin dependencies to known-good versions and temporarily disable automatic minor-version upgrades to reduce the risk of silently ingesting a poisoned release.
Enterprises with mature security programs should also review build and release workflows against NIST’s configuration guidance: least privilege for CI runners, isolated build networks, mandatory code-signing for release artifacts, and continuous monitoring of package registries for anomalous publish activity. Smaller teams and individual maintainers may not be able to implement every control, but even basic steps, such as hardware-backed authentication for registry access and separating personal development environments from release infrastructure, raise the bar for attackers considerably.
Why disclosure from GitHub and @antv still matters
The federal record confirms the exploit. What it cannot provide is the operational detail that only the affected platforms and maintainers possess: which @antv package versions carried malicious code, how long the compromise window lasted, and whether the attackers used their access to push further downstream.
Organizations that confirm exposure should coordinate with their security teams to issue internal advisories, document credential-rotation steps, validate builds against known-good checksums, and provide guidance to downstream users or customers who depend on @antv-based tools. As formal disclosures emerge from GitHub, the Nx team, and @antv maintainers, aligning internal response reports with those authoritative sources will keep remediation grounded in verifiable facts rather than speculation.
Until those disclosures arrive, the CVE record and CISA KEV listing remain the most reliable anchors. The rest of the story is still being written.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
