The American Hospital Association is advising hospitals and health systems to fix a cybersecurity flaw that received the highest vulnerability score possible.
The remote code execution vulnerability affects applications using React 19, a free, open-source program for building web and user interfaces. It was rated by the Common Vulnerability Scoring System.
“It is extremely rare to score a 10 out of 10,” said Scott Gee, AHA deputy national advisor for cybersecurity and risk, in a Dec. 8 news release. “This is an easily exploitable vulnerability and there are Chinese actors actively using it, according to Amazon’s threat intelligence teams. If this vulnerability exists in your environment, it is critical that you patch it as soon as possible.”
