A critical vulnerability in an enterprise AI platform has been patched, addressing a flaw that could allow unauthenticated remote code execution.
Tracked as CVE-2026-0542, this security flaw poses a significant risk to organizations using the ServiceNow AI Platform.
The vulnerability resides within the platform’s sandbox environment. Under specific conditions, it can be exploited to achieve Remote Code Execution (RCE).
As an unauthenticated RCE flaw, CVE-2026-0542 could let an attacker execute malicious code on an affected system without prior authentication or credentials.
The execution occurs within the ServiceNow Sandbox, a restricted environment designed to isolate untrusted code. However, a successful exploit could allow an attacker to bypass these restrictions and gain unauthorized access to, or control over, the affected instance.
| Metric | Details |
|---|---|
| CVE ID | CVE-2026-0542 |
| Vulnerability Type | Remote Code Execution (RCE) |
| Affected Component | AI Platform (web, API, automation modules) |
| Impact | System compromise, data theft, workflow manipulation |
| Attack Vector | Remote network access, typically over HTTPS |
| Severity | Critical – CVSS 9.8 |
While the exact technical details of the vulnerability remain undisclosed to prevent exploitation, the severity of an unauthenticated RCE flaw cannot be overstated.
Such vulnerabilities are highly sought after by threat actors because they offer a direct pathway to compromise a system without user interaction or stolen credentials. ServiceNow has taken proactive steps to address this critical vulnerability.
According to their security advisory (KB2693566), the company deployed a security update to affected hosted customer instances on January 6, 2026. Security updates have also been made available to self-hosted customers and partners.
ServiceNow has stated that, at the time of the advisory’s release, they were unaware of any active exploitation of this vulnerability in the wild against customer instances.
However, the potential impact underscores the need to patch. The company recommends that customers who have not already done so promptly apply the provided updates or a newer version.
Customers who participated in the January Patching Program should have already received the appropriate update.
The following table lists the patches and hotfixes that address the vulnerability across the affected ServiceNow releases:
| Release | Patch / Hotfix | Release Date |
|---|---|---|
| Zurich | Patch 4 Hotfix 3b | Feb 23, 2026 |
| Zurich | Patch 5 | Jan 12, 2026 |
| Yokohama | Patch 10 Hotfix 1b | Feb 18, 2026 |
| Yokohama | Patch 12 | Feb 6, 2026 |
| Xanadu | Patch 11 Hotfix 1a | Feb 2, 2026 |
| Australia | Pending Fix | Expected Q2 2026 |
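With several instances on different release families, the practical question is which ones still sit below the fixed build level. The following Python script is an added example, not code from the article or from ServiceNow: it parses build strings in the "Family Patch N Hotfix Mx" form used in the table above and compares an instance's build against the listed fixed builds. Its comparison rule is an assumption, not official ServiceNow guidance: a build is treated as fixed only when it is on a listed patch line and at or above the listed hotfix level for that line; any patch line not in the table (including the Australia release, whose fix is still pending) is reported as "unknown" and should be treated as unpatched until confirmed against KB2693566. The hostnames in the sample inventory are constructed for the example.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# Fixed builds as listed in the article's patch table for CVE-2026-0542.
FIXED_BUILDS_CVE_2026_0542: List[str] = [
    "Zurich Patch 4 Hotfix 3b",
    "Zurich Patch 5",
    "Yokohama Patch 10 Hotfix 1b",
    "Yokohama Patch 12",
    "Xanadu Patch 11 Hotfix 1a",
]


class Build(NamedTuple):
    family: str            # release family, e.g. "Zurich"
    patch: int             # patch line number
    hotfix: Tuple[int, str]  # (number, letter) so that (3,'a') < (3,'b') < (4,'')


# Matches "Zurich Patch 4 Hotfix 3b" and "Zurich Patch 5" (no hotfix part).
_BUILD_RE = re.compile(
    r"^\s*(?P<family>[A-Za-z]+)\s+Patch\s+(?P<patch>\d+)"
    r"(?:\s+Hotfix\s+(?P<hf_num>\d+)(?P<hf_letter>[A-Za-z]?))?\s*$",
    re.IGNORECASE,
)


def parse_build(text: str) -> Build:
    """Parse a ServiceNow-style build string into a comparable Build tuple."""
    m = _BUILD_RE.match(text)
    if not m:
        raise ValueError(f"unrecognized build string: {text!r}")
    hf_num = int(m.group("hf_num")) if m.group("hf_num") else 0
    hf_letter = (m.group("hf_letter") or "").lower()
    return Build(m.group("family").capitalize(), int(m.group("patch")), (hf_num, hf_letter))


def fix_status(instance_build: str, fixed_builds: List[str] = FIXED_BUILDS_CVE_2026_0542) -> str:
    """Return 'fixed', 'vulnerable' or 'unknown' for an instance build.

    Assumed rule (not ServiceNow's official guidance): on a listed patch line,
    builds at or above the listed hotfix contain the fix; patch lines that are
    not listed cannot be judged from the table alone and are reported 'unknown'.
    """
    inst = parse_build(instance_build)
    for fixed in map(parse_build, fixed_builds):
        if fixed.family == inst.family and fixed.patch == inst.patch:
            return "fixed" if inst.hotfix >= fixed.hotfix else "vulnerable"
    return "unknown"


# Constructed sample inventory: hostnames and builds are made up for this example.
SAMPLE_INVENTORY: Dict[str, str] = {
    "dev.example.internal": "Zurich Patch 4 Hotfix 3a",
    "prod.example.internal": "Zurich Patch 5",
    "uat.example.internal": "Yokohama Patch 10 Hotfix 1b",
    "legacy.example.internal": "Xanadu Patch 9",
}


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each instance to its fix status so unpatched ones can be prioritised."""
    return {host: fix_status(build) for host, build in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items(), key=lambda kv: kv[1]):
        print(f"{status:<10} {host}  ({SAMPLE_INVENTORY[host]})")
```

Hotfix levels are compared as a (number, letter) pair so that Hotfix 3a sorts below Hotfix 3b, and a bare patch with no hotfix sorts below any hotfix on the same line; the "unknown" result is deliberately separate from "fixed" so that an unlisted line is never silently treated as safe.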
Organizations utilizing ServiceNow are strongly advised to review the advisory and apply the necessary patches immediately to secure their environments against potential exploitation of CVE-2026-0542.