Critical ServiceNow AI Platform Flaw Allows Unauthenticated Remote Code Execution


ServiceNow has fixed a critical vulnerability that could allow an unauthenticated remote attacker to execute code within the ServiceNow AI Platform. The sandbox escape flaw, tracked as CVE-2026-6875, affects hosted and self-hosted environments running vulnerable platform releases.

The vulnerability carries a CVSS 4.0 score of 9.5 out of 10. According to the ServiceNow security advisory KB3137947, an attacker could exploit the issue without signing in under certain circumstances.

ServiceNow has already deployed a security update to hosted instances. The company has also released patches and fixed family versions for self-hosted customers and partners. Administrators who manage their own deployments should confirm their release and apply the appropriate update immediately.

What Is CVE-2026-6875?

CVE-2026-6875 is a sandbox escape and remote code execution vulnerability in the ServiceNow AI Platform. A sandbox normally limits what code or a process can access. A successful escape can allow code to operate outside those intended restrictions.

The official CVE-2026-6875 record states that an unauthenticated user could execute code within the ServiceNow platform in certain circumstances. ServiceNow has not described every prerequisite or the complete execution path in its public advisory.

Vulnerability detailInformation
CVE identifierCVE-2026-6875
Affected productServiceNow AI Platform
Vulnerability typeSandbox escape and remote code execution
Authentication requiredNo
User interaction requiredNo
Attack vectorNetwork
Attack complexityHigh
CVSS version and scoreCVSS 4.0, 9.5 Critical
Known exploitationNone reported by ServiceNow as of July 16, 2026

The U.S. National Vulnerability Database lists the issue under CWE-94, Improper Control of Generation of Code. The NVD entry for CVE-2026-6875 currently marks the record as awaiting further enrichment, meaning NIST has not yet added its own independent severity assessment.

Why the ServiceNow Vulnerability Is Critical

Organizations use ServiceNow to manage IT operations, employee workflows, customer services, security incidents, assets and internal business processes. These environments can contain operational records, user information, integration details and connections to other enterprise systems.

Remote code execution could give an attacker significant control within the affected platform. The precise actions available would depend on the vulnerable component, instance configuration, installed applications and privileges assigned to the exploited process.

Possible consequences could include:

  • Access to sensitive records handled by the affected platform component
  • Unauthorized changes to workflows or application data
  • Disruption of IT and business processes
  • Abuse of integrations connected to the ServiceNow instance
  • Execution of follow-on actions within the compromised environment
  • Loss of confidentiality, integrity and availability

The CVSS vector assigns high impact ratings across both vulnerable and subsequent systems. It also records no authentication or user interaction requirement. However, the high attack-complexity rating suggests that successful exploitation depends on conditions beyond sending a simple request.

Affected and Fixed ServiceNow Releases

The vulnerability affects ServiceNow AI Platform releases earlier than the fixed versions listed below. Customers should check the exact patch level rather than relying only on the family name.

Release familyFixed release or patch
BrazilBrazil Early Access or Brazil General Availability
AustraliaAustralia Patch 2
ZurichZurich Patch 7b or Zurich Patch 9
YokohamaYokohama Patch 12 Hot Fix 1b or Yokohama Patch 13

The alternatives shown for Zurich and Yokohama reflect separate supported patch branches. Administrators should select the update that matches their current release path and confirm compatibility with installed applications, integrations and customizations.

The ServiceNow CVE-2026-6875 advisory recommends applying the appropriate update or upgrading to a patched release promptly. Self-hosted customers may need a Now Support account to access additional maintenance instructions linked from the advisory.

Hosted and Self-Hosted Customers Need Different Checks

ServiceNow says it pushed the security update to hosted instances. Hosted customers should still verify their instance status through their ServiceNow support contacts, change records or administrative maintenance information.

Self-hosted customers and partners must install the relevant security update themselves. These organizations should inventory every production, development, testing and disaster-recovery instance because non-production systems may contain copied data or trusted connections.

Deployment typeRecommended action
ServiceNow-hosted instanceConfirm that ServiceNow applied the security update and document the installation status.
Self-hosted instanceIdentify the release family, obtain the correct patch and complete an accelerated deployment.
Development or test instancePatch the instance and check whether it contains production data, credentials or active integrations.
Partner-managed environmentRequest written confirmation of the installed fixed version from the responsible provider.

The official CVE record treats releases earlier than the specified fixed versions as affected. Organizations should avoid assuming that an older hot fix includes the correction unless ServiceNow explicitly confirms it.

How Organizations Should Respond

Security teams should make patch verification the first priority. They should then review relevant records for unusual behavior, especially if an instance remained on an affected version after the update became available.

  1. Inventory all hosted, self-hosted and partner-managed ServiceNow instances.
  2. Record the release family, patch level and hosting model for each instance.
  3. Upgrade every affected instance to an appropriate fixed release.
  4. Verify the update after installation and retain evidence for compliance reviews.
  5. Review privileged accounts, recently created users and unexpected role assignments.
  6. Check administrative activity, integrations, API requests and workflow changes for anomalies.
  7. Investigate unexpected scripts, application changes or configuration modifications.
  8. Confirm that logging reaches the organizationโ€™s SIEM or security monitoring platform.

Teams should also review secrets stored in scripts, integrations and workflow configurations. If an investigation finds evidence of unauthorized code execution, responders should isolate affected integrations and rotate exposed credentials, tokens and keys.

ServiceNow said it was not aware of exploitation against customer instances when it published the advisory. The National Vulnerability Database record also showed no reported exploitation when last updated.

FAQ

What is CVE-2026-6875?

CVE-2026-6875 is a critical sandbox escape and remote code execution vulnerability in the ServiceNow AI Platform. It could allow an unauthenticated user to execute code under certain circumstances.

What is the severity of CVE-2026-6875?

ServiceNow assigned the vulnerability a CVSS 4.0 score of 9.5, which carries a Critical severity rating.

Does CVE-2026-6875 require authentication?

No. The official vulnerability record states that an attacker does not need authentication. User interaction is also not required, although the attack complexity is rated high.

Which ServiceNow releases fix CVE-2026-6875?

Fixed versions include Brazil Early Access and General Availability, Australia Patch 2, Zurich Patch 7b or Patch 9, and Yokohama Patch 12 Hot Fix 1b or Patch 13.

Has CVE-2026-6875 been exploited?

ServiceNow reported no known exploitation against customer instances as of July 16, 2026. Organizations should still patch promptly because the vulnerability permits unauthenticated remote code execution under certain conditions.

Do ServiceNow-hosted customers need to install the patch?

ServiceNow says it deployed the security update to hosted instances. Customers should verify that their instances received the update. Self-hosted customers must install the appropriate patch or upgrade themselves.

Readers help support VPNCentral. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help VPNCentral sustain the editorial team Read more

User forum

0 messages