ServiceNow has disclosed a critical security vulnerability in its AI Platform that could allow unauthenticated attackers to remotely execute code within the ServiceNow Sandbox environment.
Tracked as CVE-2026-0542, the flaw was formally published on February 25, 2026, under security advisory KB2693566.
Overview of the Vulnerability
The vulnerability exists within the ServiceNow AI Platform and can be exploited by an unauthenticated user under certain conditions to execute arbitrary code remotely.
While the attack is confined to the ServiceNow Sandbox, such execution capabilities can expose sensitive workflow data, automation logic, and enterprise integrations managed through the platform.
ServiceNow confirmed that, as of the advisory publication date, there is no evidence of active exploitation against customer instances in the wild.

| Field | Details |
|---|---|
| CVE ID | CVE-2026-0542 |
| Advisory ID | KB2693566 |
| Severity | Critical |
| Attack Type | Remote Code Execution (RCE) |
| Authentication Required | No (Unauthenticated) |
| Affected Product | ServiceNow AI Platform |
| Exploitation in the Wild | Not detected |
| Advisory Published | February 25, 2026 |

Patch and Fixed Versions
ServiceNow proactively deployed a security update to hosted customer instances on January 6, 2026. Patches are also available for self-hosted customers and partners.

| Release | Fixed Version | Availability |
|---|---|---|
| Australia | TBD | Q2 2026 |
| Zurich | Patch 4 Hotfix 3b | February 23, 2026 |
| Zurich | Patch 5 | January 12, 2026 |
| Yokohama | Patch 10 Hotfix 1b | February 18, 2026 |
| Yokohama | Patch 12 | February 6, 2026 |
| Xanadu | Patch 11 Hotfix 1a | February 2, 2026 |

Organizations running ServiceNow should immediately apply the relevant patches listed above.
Customers who participated in the January 2026 Patching Program already received the appropriate update. Instances that did not receive a notification were confirmed as unaffected.
Security teams should verify their current release version and prioritize upgrading to the fixed builds, especially for internet-accessible or externally integrated ServiceNow deployments.


