A critical vulnerability, CVE-2026-6875, has been identified in the ServiceNow AI Platform, with a CVSS score of 9.5. This flaw allows unauthenticated remote code execution under specific conditions, jeopardizing workflow data and credentials. Affected versions include Brazil, Australia, Zurich, and Yokohama releases. ServiceNow has patched the vulnerability, and self-hosted customers are urged to apply these updates to prevent exploitation. No confirmed attacks have been reported yet, and technical details on exploitation remain undisclosed.
CVE-2026-6875: Critical ServiceNow Sandbox Escape Allows Unauthenticated Remote Code Execution
CyberSIXT Evidence Panel
Article by CyberSIXT