CVE-2026-32887

Versions sourced from the GitHub Security Advisory.

• Effectful/Effect

  cpe:2.3:a:effectful:effect:*:*:*:*:*:node.js:*:*

  Range: <3.20.0

No patches discovered yet.

AI mechanics synthesis has not run for this CVE yet.

• github.com/Effect-TS/effect/security/advisories/GHSA-38f7-945m-qr2gnvdExploitVendor AdvisoryWEB
• github.com/advisories/GHSA-38f7-945m-qr2gghsaADVISORY
• nvd.nist.gov/vuln/detail/CVE-2026-32887ghsaADVISORY

• Instructure Pays ShinyHunters Ransom to Little Likely Return
  GovInfoSecurity · May 17, 2026
• Friday Squid Blogging: Bigfin Squid
  Schneier on Security · May 16, 2026
• Here’s how the FTC plans to enforce the Take It Down Act
  CyberScoop · May 15, 2026
• Akamai to acquire LayerX for $205 million
  Help Net Security · May 15, 2026
• MPs want social media treated more like unsafe toys than harmless apps
  The Register Security · May 15, 2026
• AI Drives Cybersecurity Investments, Widening 'Valley of Death'
  Dark Reading · May 14, 2026
• New Fragnesia Flaw Hands Linux Local Users Root Access
  Infosecurity Magazine · May 14, 2026
• Dirty Frag gets a sequel as Fragnesia hands Linux attackers root-level access
  The Register Security · May 14, 2026
• When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain Compromise
  Rapid7 Blog · May 13, 2026
• Most Remediation Programs Never Confirm the Fix Actually Worked
  The Hacker News · May 13, 2026
• Congressman launches inquiry into how food retailers use surveillance pricing
  The Record · May 12, 2026
• 20 Leaders Who Built the CISO Era: 2 Decades of Change
  Dark Reading · May 12, 2026
• OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation
  The Hacker News · May 12, 2026
• Build Application Firewalls Aim to Stop the Next Supply Chain Attack
  SecurityWeek · May 11, 2026
• LLMs and Text-in-Text Steganography
  Schneier on Security · May 11, 2026
• Week in review: cPanel vulnerability actively exploited, DigiCert breach, LinkedIn job scams
  Help Net Security · May 10, 2026
• Friday Squid Blogging: Giant Squid Live in the Waters of Western Australia
  Schneier on Security · May 8, 2026
• Dirty Frag: Unpatched Linux vulnerability delivers root access
  Help Net Security · May 8, 2026
• Meta U-turns on encryption push for Instagram as DMs go plaintext
  The Register Security · May 8, 2026
• Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom
  SecurityWeek · May 8, 2026
• If a fake moustache can fool age checks, is the Online Safety Act working?
  Malwarebytes Labs · May 7, 2026
• Google Chrome&#8217;s silent 4GB AI download problem [updated]
  Malwarebytes Labs · May 6, 2026
• From Stuxnet to ChatGPT: 20 News Events That Shaped Cyber
  Dark Reading · May 6, 2026
• Middle East Cyber Battle Field Broadens — Especially in UAE
  Dark Reading · May 6, 2026
• Research Hub Bridges Cybersecurity Gap for Under-Resourced Organizations
  Dark Reading · May 5, 2026
• One in four MCP servers opens AI agent security to code execution risk
  Help Net Security · May 5, 2026
• TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03), (Mon, May 4th)
  SANS Internet Storm Center · May 4, 2026
• Anthropic's Mythos Has Landed: Here's What Comes Next for Cyber
  Dark Reading · Apr 30, 2026
• Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
  Krebs on Security · Apr 30, 2026
• Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks
  The Hacker News · Apr 29, 2026
• Critical Flaw Turns Vect Ransomware into Data Destroying Wiper
  Infosecurity Magazine · Apr 29, 2026
• Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain
  Dark Reading · Apr 28, 2026
• VECT: Ransomware by design, Wiper by accident
  Check Point Research · Apr 28, 2026
• Ongoing supply-chain attack 'explicitly targeting' security, dev tools
  The Register Security · Apr 27, 2026
• Ongoing supply-chain attack 'explicitly targeting' security, dev tools
  The Register Security · Apr 27, 2026
• Could your choice of metrics be harming your SOC?
  NCSC UK · Apr 27, 2026
• Medieval Encrypted Letter Decoded
  Schneier on Security · Apr 27, 2026
• CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline
  The Hacker News · Apr 25, 2026
• ICE Uses Graphite Spyware
  Schneier on Security · Apr 22, 2026
• Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk
  Dark Reading · Apr 21, 2026
• DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy
  Check Point Research · Apr 20, 2026
• What the ransom note won’t say
  ESET WeLiveSecurity · Apr 20, 2026
• Redirects for AI Training enforces canonical content
  Cloudflare Blog · Apr 17, 2026
• Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads
  Infosecurity Magazine · Apr 16, 2026
• Automotive Ransomware Attacks Double in a Year
  Infosecurity Magazine · Apr 16, 2026
• A Clearer Path from Prioritized Exposures to Remediation Progress
  Rapid7 Blog · Apr 15, 2026
• Edge Decay: How a Failing Perimeter Is Fueling Modern Intrusions
  SentinelOne Labs · Apr 9, 2026
• As breakout time accelerates, prevention-first cybersecurity takes center stage
  ESET WeLiveSecurity · Apr 7, 2026
• ZDI-26-251: Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
  Zero Day Initiative · Apr 2, 2026
• TeamPCP Explores Ways to Exploit Stolen Supply Chain Secrets
  Infosecurity Magazine · Mar 31, 2026