A critical, unauthenticated remote code execution vulnerability known as React2Shell has been added to the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities Catalog. The vulnerability impacts applications using versions of React 19, a free, open-source JavaScript library commonly used for building web and native user interfaces. The vulnerability is also listed with a maximum score of 10 by the Common Vulnerability Scoring System.  
 
“It is extremely rare to score a 10 out of 10,” said Scott Gee, AHA deputy national advisor for cybersecurity and risk. “This is an easily exploitable vulnerability and there are Chinese actors actively using it, according to Amazon’s threat intelligence teams. If this vulnerability exists in your environment, it is critical that you patch it as soon as possible.” 

For more information on this or other cyber and risk issues, contact Gee at sgee@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity

Headline
Leaders of the Five Eyes cybersecurity agencies, consisting of Australia, Canada, New Zealand, the United Kingdom and the United States, released a joint…
Headline
President Trump issued a memorandum June 12 on cybersecurity governance for national security systems used by federal agencies. The memo re-establishes and…
Headline
The Cybersecurity and Infrastructure Security Agency and other federal agencies released a fact sheet June 2 on malicious cyber activity targeting U.S.-based…
Headline
The FBI and international agencies have released an alert on Chinese military intelligence services using professional networking sites and online job…
Headline
The White House issued an executive order June 2 on cybersecurity efforts regarding artificial intelligence. The order instructs federal…
Headline
The Health Sector Coordinating Council’s Cybersecurity Working Group has released a guide to help healthcare organizations establish cyber governance…