ServiceNow: Critical ServiceNow AI Platform Vulnerability Enables Remote Code Execution

Critical RCE Vulnerability Patched in ServiceNow AI Platform

A severe remote code execution (RCE) vulnerability, tracked as CVE-2026-0542, has been patched in ServiceNow’s enterprise AI platform. The flaw, rated Critical (CVSS 9.8), could allow unauthenticated attackers to execute malicious code on affected systems via remote network access, typically over HTTPS.

The vulnerability resides in the platform’s sandbox environment, designed to isolate untrusted code. Under specific conditions, exploitation could bypass these restrictions, leading to system compromise, data theft, or workflow manipulation. While ServiceNow has not disclosed technical details to prevent abuse, the flaw’s unauthenticated nature makes it a high-value target for threat actors.

ServiceNow addressed the issue by deploying security updates to hosted customer instances on January 6, 2026, with patches also released for self-hosted environments. As of the advisory’s release, the company reported no known active exploitation in the wild. However, organizations were urged to apply updates promptly.

Available patches by release:

  • Zurich: Patch 4 Hotfix 3b (Feb 23, 2026), Patch 5 (Jan 12, 2026)
  • Yokohama: Patch 10 Hotfix 1b (Feb 18, 2026), Patch 12 (Feb 6, 2026)
  • Xanadu: Patch 11 Hotfix 1a (Feb 2, 2026)
  • Australia: Pending fix (expected Q2 2026)

Customers enrolled in the January Patching Program were automatically updated. ServiceNow’s advisory (KB2693566) provides further details for affected users.

Source: https://cybersecuritynews.com/servicenow-ai-platform-vulnerability/

ServiceNow cybersecurity rating report: https://www.rankiteo.com/company/servicenow

{
  "id": "SER1772116716",
  "linkid": "servicenow",
  "type": "Vulnerability",
  "date": "1/2026",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}

{
  "affected_entities": [
    {
      "customers_affected": "ServiceNow customers using the AI platform",
      "industry": "Information Technology",
      "name": "ServiceNow",
      "type": "Enterprise Software Provider"
    }
  ],
  "attack_vector": "Remote network access (HTTPS)",
  "customer_advisories": "Customers urged to apply updates promptly",
  "data_breach": {"data_exfiltration": "Potential data theft"},
  "date_publicly_disclosed": "2026-01-06",
  "date_resolved": "2026-02-23",
  "description": "A severe remote code execution (RCE) vulnerability, tracked as CVE-2026-0542, has been patched in ServiceNow’s enterprise AI platform. The flaw, rated Critical (CVSS 9.8), could allow unauthenticated attackers to execute malicious code on affected systems via remote network access, typically over HTTPS. The vulnerability resides in the platform’s sandbox environment, designed to isolate untrusted code. Under specific conditions, exploitation could bypass these restrictions, leading to system compromise, data theft, or workflow manipulation.",
  "impact": {
    "data_compromised": "Potential data theft",
    "operational_impact": "Workflow manipulation",
    "systems_affected": "ServiceNow AI platform sandbox environment"
  },
  "investigation_status": "Patched",
  "post_incident_analysis": {
    "corrective_actions": "Security updates and patches deployed",
    "root_causes": "Vulnerability in sandbox environment restrictions"
  },
  "recommendations": "Apply security updates promptly",
  "references": [{"source": "ServiceNow Advisory", "url": "KB2693566"}],
  "response": {
    "communication_strategy": "Advisory KB2693566 released",
    "containment_measures": "Security updates deployed to hosted customer instances",
    "remediation_measures": "Patches released for self-hosted environments"
  },
  "title": "Critical RCE Vulnerability Patched in ServiceNow AI Platform",
  "type": "Remote Code Execution (RCE)",
  "vulnerability_exploited": "CVE-2026-0542"
}