Description
ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow Sandbox.

ServiceNow addressed this vulnerability by deploying a security update to hosted instances. Relevant security updates also have been provided to ServiceNow self-hosted customers and partners. Further, the vulnerability is addressed in the listed patches and hot fixes. While we are not currently aware of exploitation against customer instances, we recommend customers promptly apply appropriate updates or upgrade if they have not already done so.
Published: 2026-02-25
Score: 9.2 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

The vulnerability is located in the ServiceNow AI Platform and permits an attacker, without authentication, to execute arbitrary code within the ServiceNow sandbox. This is due to improper input handling identified as CWE‑653. The ability to run code with sandbox privileges could result in compromise of the sandbox and unauthorized access to instance data and services.

Affected Systems

The affected product is ServiceNow AI Platform, encompassing both ServiceNow‑hosted instances and self‑hosted deployments. No explicit version range is specified, so all current releases of the AI Platform should be verified against the published security updates.

Risk and Exploitability

The CVSS score of 9.2 reflects a critical severity. The EPSS score of less than 1 percent indicates a low likelihood of active exploitation currently, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector is remote, unauthenticated, and accessible from any network point that can reach the AI platform. Attackers would need to supply specially crafted input to trigger the vulnerability.

Generated by OpenCVE AI on April 18, 2026 at 10:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy the ServiceNow‑issued security update to all hosted AI Platform instances.
  • Apply the posted patches and hot fixes to self‑hosted installations as described in the vendor support article.
  • If patching cannot be performed immediately, isolate the AI platform sandbox and block unauthenticated API or interface access until the update is applied.


Advisories

No advisories yet.

History

Thu, 26 Feb 2026 13:30:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Servicenow; Servicenow servicenow Ai Platform

Type: Vendors & Products
Values Removed: (none)
Values Added: Servicenow; Servicenow servicenow Ai Platform

Wed, 25 Feb 2026 21:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow Sandbox. ServiceNow addressed this vulnerability by deploying a security update to hosted instances. Relevant security updates also have been provided to ServiceNow self-hosted customers and partners. Further, the vulnerability is addressed in the listed patches and hot fixes. While we are not currently aware of exploitation against customer instances, we recommend customers promptly apply appropriate updates or upgrade if they have not already done so.

Type: Title
Values Removed: (none)
Values Added: Remote Code Execution in ServiceNow AI Platform

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-653

Type: References
Values Removed: (none)
Values Added: (none)

Type: Metrics
Values Removed: (none)
Values Added: cvssV4_0

{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Servicenow Servicenow Ai Platform
MITRE

Status: PUBLISHED

Assigner: SN

Published:

Updated: 2026-02-26T15:53:05.161Z

Reserved: 2025-12-30T14:27:44.742Z

Link: CVE-2026-0542

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2026-02-25T21:16:36.147

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-0542

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T10:45:43Z

Weaknesses