Remote Code Execution Vulnerability in ServiceNow AI Platform
CVE-2026-6875

9.5CRITICAL

Key Information:

Vendor

Servicenow

Vendor
CVE Published:
13 July 2026

What is CVE-2026-6875?

A remote code execution vulnerability has been identified in the ServiceNow AI platform, allowing an unauthenticated user to execute arbitrary code under specific conditions. The vendor has implemented a security update that addresses this vulnerability for all hosted instances and provided updates for self-hosted customers and partners. Customers are urged to apply the security updates immediately to safeguard their systems. Currently, there are no known instances of exploitation exploiting this vulnerability.

Affected Version(s)

ServiceNow AI Platform 0

ServiceNow AI Platform 0

ServiceNow AI Platform 0

References

CVSS V4

Score:
9.5
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Adam Kues - Assetnote
.