securityonline.info 7/14/2026, 3:01:41 AM · external

CVE-2026-6875: Critical ServiceNow Sandbox Escape Allows Unauthenticated Remote Code Execution

CVE-2026-6875: Critical ServiceNow Sandbox Escape Allows Unauthenticated Remote Code Execution
CyberSIXT Evidence Panel
CISA KEV Not in KEV
Patch Patch Status Unknown

A critical vulnerability, CVE-2026-6875, has been identified in the ServiceNow AI Platform, with a CVSS score of 9.5. This flaw allows unauthenticated remote code execution under specific conditions, jeopardizing workflow data and credentials. Affected versions include Brazil, Australia, Zurich, and Yokohama releases. ServiceNow has patched the vulnerability, and self-hosted customers are urged to apply these updates to prevent exploitation. No confirmed attacks have been reported yet, and technical details on exploitation remain undisclosed.

View Primary Source Via securityonline.info

Article by CyberSIXT