securityonline.info 7/18/2026, 1:26:56 PM · external

Urgent ServiceNow AI Platform Bug Allows Remote Command Execution

Urgent ServiceNow AI Platform Bug Allows Remote Command Execution
CyberSIXT Evidence Panel
CISA KEV Not in KEV
Patch Patch Status Unknown

CVE- 2026-6875 is a critical vulnerability in the ServiceNow AI Platform with a CVSS score of 9.5, allowing unauthenticated users to execute arbitrary commands, leading to a sandbox escape. It is actively exploited in the wild, requiring immediate patching to versions including Australia Patch 2 and Zurich Patch 7b. The flaw exists in key platform versions, and attackers target a specific pre-authentication sink to execute commands remotely without user interaction. ServiceNow has released patches, emphasizing the need for all users to update promptly to prevent potential breaches.

View Primary Source Via securityonline.info

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline