CVE-2026-6875: Vulnerability in ServiceNow ServiceNow AI Platform
ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow platform. ServiceNow addressed this vulnerability by deploying a security update to hosted instances. Relevant security updates have also been provided to ServiceNow self-hosted customers and partners. Further, the vulnerability is addressed in the listed patches and family releases, which have been made available to hosted and self-hosted customers, as well as partners. We are not currently aware of exploitation against ServiceNow instances. We recommend customers promptly apply appropriate updates or upgrade to a patched release if they have not already done so.
AI Analysis
Technical Summary
CVE-2026-6875 is a remote code execution vulnerability affecting the ServiceNow AI Platform. It permits unauthenticated users to execute code within the platform under specific circumstances. ServiceNow has addressed this issue by deploying security updates to its cloud-hosted instances and distributing patches to self-hosted customers and partners. The vendor manages remediation for the cloud service, and no active exploitation has been observed to date.
Potential Impact
Successful exploitation could allow an unauthenticated attacker to execute arbitrary code on the ServiceNow platform, potentially compromising the confidentiality, integrity, and availability of the affected system. Given the critical CVSS score of 9.5, the impact is severe. However, there are no reports of exploitation in the wild at this time.
Mitigation Recommendations
ServiceNow has deployed security updates to hosted instances and provided patches to self-hosted customers and partners. The vendor manages remediation for the cloud-hosted service. Customers should promptly apply the appropriate updates or upgrade to a patched release if they have not already done so. Patch status is confirmed as available.
CVE-2026-6875: Vulnerability in ServiceNow ServiceNow AI Platform
Description
ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow platform. ServiceNow addressed this vulnerability by deploying a security update to hosted instances. Relevant security updates have also been provided to ServiceNow self-hosted customers and partners. Further, the vulnerability is addressed in the listed patches and family releases, which have been made available to hosted and self-hosted customers, as well as partners. We are not currently aware of exploitation against ServiceNow instances. We recommend customers promptly apply appropriate updates or upgrade to a patched release if they have not already done so.
CVSS v4.0
Score 9.5critical
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-6875 is a remote code execution vulnerability affecting the ServiceNow AI Platform. It permits unauthenticated users to execute code within the platform under specific circumstances. ServiceNow has addressed this issue by deploying security updates to its cloud-hosted instances and distributing patches to self-hosted customers and partners. The vendor manages remediation for the cloud service, and no active exploitation has been observed to date.
Potential Impact
Successful exploitation could allow an unauthenticated attacker to execute arbitrary code on the ServiceNow platform, potentially compromising the confidentiality, integrity, and availability of the affected system. Given the critical CVSS score of 9.5, the impact is severe. However, there are no reports of exploitation in the wild at this time.
Mitigation Recommendations
ServiceNow has deployed security updates to hosted instances and provided patches to self-hosted customers and partners. The vendor manages remediation for the cloud-hosted service. Customers should promptly apply the appropriate updates or upgrade to a patched release if they have not already done so. Patch status is confirmed as available.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- SN
- Date Reserved
- 2026-04-22T18:21:24.368Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
- Is Cloud Service
- true
Threat ID: 6a552f7368715ace43a5ecee
Added to database: 07/13/2026, 18:33:23 UTC
Last enriched: 07/13/2026, 18:47:30 UTC
Last updated: 07/14/2026, 03:15:35 UTC
Views: 89
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.