CVE- 2026-6875 is a critical vulnerability in the ServiceNow AI Platform with a CVSS score of 9.5, allowing unauthenticated users to execute arbitrary commands, leading to a sandbox escape. It is actively exploited in the wild, requiring immediate patching to versions including Australia Patch 2 and Zurich Patch 7b. The flaw exists in key platform versions, and attackers target a specific pre-authentication sink to execute commands remotely without user interaction. ServiceNow has released patches, emphasizing the need for all users to update promptly to prevent potential breaches.
Urgent ServiceNow AI Platform Bug Allows Remote Command Execution
CyberSIXT Evidence Panel
Article by CyberSIXT
Timeline Coverage
Swipe to explore timeline
-
Urgent ServiceNow AI Platform Bug Allows Remote Command Execution
securityonline.info
-
Fortinet, Ivanti and ServiceNow patch unauth RCE and other flaws
securityweek.com
-
CVE-2026-6875: Critical ServiceNow Sandbox Escape Allows Unauthenticated Remote Code Execution
securityonline.info