Description
ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow platform.


ServiceNow addressed this vulnerability by deploying a security update to hosted instances. Relevant security updates have also been provided to ServiceNow self-hosted customers and partners.




Further, the vulnerability is addressed in the listed patches and family releases, which have been made available to hosted and self-hosted customers, as well as partners. We are not currently aware of exploitation against ServiceNow instances.




We recommend customers promptly apply appropriate updates or upgrade to a patched release if they have not already done so.
Published: 2026-07-13
Score: 9.5 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Jul 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-94
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 13 Jul 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Servicenow
Servicenow servicenow Ai Platform
Vendors & Products Servicenow
Servicenow servicenow Ai Platform

Mon, 13 Jul 2026 18:30:00 +0000

Type Values Removed Values Added
Description ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow platform. ServiceNow addressed this vulnerability by deploying a security update to hosted instances. Relevant security updates have also been provided to ServiceNow self-hosted customers and partners. Further, the vulnerability is addressed in the listed patches and family releases, which have been made available to hosted and self-hosted customers, as well as partners. We are not currently aware of exploitation against ServiceNow instances. We recommend customers promptly apply appropriate updates or upgrade to a patched release if they have not already done so.
Title Sandbox Escape in ServiceNow AI Platform
References
Metrics cvssV4_0

{'score': 9.5, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


Subscriptions

Servicenow Servicenow Ai Platform
cve-icon MITRE

Status: PUBLISHED

Assigner: SN

Published:

Updated: 2026-07-13T18:57:16.136Z

Reserved: 2026-04-22T18:21:24.368Z

Link: CVE-2026-6875

cve-icon Vulnrichment

Updated: 2026-07-13T18:57:10.817Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-13T19:30:04Z

Weaknesses