2026-07-13 · view entry permalink →
CVE-2026-6875 — ServiceNow AI Platform sandbox escape lets an unauthenticated request execute code on the platform (CVSS 9.5)
ServiceNow disclosed CVE-2026-6875, a "Sandbox Escape in ServiceNow AI Platform" rated CVSS 4.0 9.5, in security bulletin KB3137947 published 2026-07-13 (ServiceNow, 2026-07-13; ENISA EUVD, 2026-07-13). Per ServiceNow, the flaw "could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow platform" — an isolation failure in the AI Platform's code-execution environment. ServiceNow states it "addressed this vulnerability by deploying a security update to hosted instances," provided updates to self-hosted customers and partners, and is "not currently aware of exploitation against ServiceNow instances" (ServiceNow, 2026-07-13). Fixed releases are Zurich Patch 7b/9, Yokohama Patch 12 Hot Fix 1b/13, Australia Patch 2 and Brazil EA/GA. Because hosted instances were remediated server-side by the vendor, the live exposure is narrowed to self-hosted and partner-managed deployments that have not yet applied the update — a population that still includes public-sector and critical-infrastructure operators running ServiceNow ITSM, HR-service-delivery and case-management on-prem or through partners.
This vulnerability, tracked as CVE-2026-6875, could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow platform.
We are not currently aware of exploitation against ServiceNow instances.