
Tracked as CVE-2026-0542, the flaw underscores the growing attack surface of AI-driven enterprise tools.
Vulnerability Overview
CVE-2026-0542 resides in the ServiceNow AI Platform, allowing attackers to execute arbitrary code remotely without authentication under specific conditions.
While exploitation is sandbox-confined, it could leak sensitive workflow data, automation scripts, and integration logic critical for IT service management (ITSM), HR, and customer support operations.
ServiceNow published details in security advisory KB2693566 on February 25, 2026. The company reports no evidence of in-the-wild exploitation as of disclosure, but the unauthenticated nature of the flaw makes patching exposed instances urgent.
Attackers exploit a flaw enabling code injection in the AI Platform’s processing layer. Successful RCE grants sandbox-level code execution, potentially compromising proprietary AI models, business rules, and third-party API keys.
High-value targets include finance, healthcare, and government sectors reliant on ServiceNow for AI-enhanced workflows.
The vulnerability is rated Critical with a CVSS v4.0 base score of 9.8 (Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality/Integrity/Availability: High). Internet-facing deployments face the highest risk.
| Field | Details |
|---|---|
| CVE ID | CVE-2026-0542 |
| Advisory ID | KB2693566 |
| Severity | Critical (CVSS 9.8) |
| Attack Type | Remote Code Execution (RCE) |
| Authentication Required | No (Unauthenticated) |
| Affected Product | ServiceNow AI Platform |
| Exploitation in the Wild | Not detected |
| Advisory Published | February 25, 2026 |
ServiceNow proactively applied fixes to hosted instances on January 6, 2026, ahead of public disclosure. Self-hosted customers and partners can download patches matching their release family.
| Release | Fixed Version | Availability Date |
|---|---|---|
| Australia | TBD | Q2 2026 |
| Zurich | Patch 4 Hotfix 3b | February 23, 2026 |
| Zurich | Patch 5 | January 12, 2026 |
| Yokohama | Patch 10 Hotfix 1b | February 18, 2026 |
| Yokohama | Patch 12 | February 6, 2026 |
| Xanadu | Patch 11 Hotfix 1a | February 2, 2026 |
Organizations enrolled in the January 2026 Patching Program received the updates automatically. Instances that were not affected did not receive notifications.
- Immediate Actions: Verify instance versions via ServiceNow’s Now Platform diagnostics. Apply patches within 72 hours for exposed setups.
- Mitigations: Restrict AI Platform access to trusted IPs; enable sandbox logging; monitor for anomalous code execution via SIEM tools.
- Detection: Hunt for IOCs like unexpected sandbox processes or API anomalies. Use ServiceNow’s Vulnerability Response module for scanning.
- Long-term: Audit AI integrations quarterly; prioritize zero-trust for low-code platforms.
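To turn the "verify instance versions" step and the fixed-version table above into a repeatable check, here is an added example that is not part of the advisory or ServiceNow's own tooling: it triages human-readable release strings against the KB2693566 table. The release-string format ("Zurich Patch 4 Hotfix 3b") and the assumption that a later cumulative patch carries the fix are mine; anything not matching a listed fixed line is reported as not fixed.

```python
import re

# Fixed versions from advisory KB2693566 (table above). A family may have a
# hotfix line (patch, (hotfix number, suffix)) and/or a cumulative patch line
# (patch, None). Australia has no fix available yet.
FIXED = {
    "Zurich":    [(4, (3, "b")), (5, None)],
    "Yokohama":  [(10, (1, "b")), (12, None)],
    "Xanadu":    [(11, (1, "a"))],
    "Australia": [],
}

VERSION_RE = re.compile(
    r"^(?P<family>[A-Za-z]+)\s+Patch\s+(?P<patch>\d+)"
    r"(?:\s+Hotfix\s+(?P<hf>\d+)(?P<suffix>[a-z])?)?$", re.I)

def parse_version(text):
    """Parse a constructed release string such as 'Zurich Patch 4 Hotfix 3b'.
    Returns (family, patch, hotfix) where hotfix is (number, suffix) or None.
    The string format is an assumption, not ServiceNow's documented format."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    hf = None
    if m.group("hf"):
        hf = (int(m.group("hf")), (m.group("suffix") or "").lower())
    return m.group("family").capitalize(), int(m.group("patch")), hf

def is_fixed(text):
    """Return 'fixed', 'not-fixed' or 'no-fix-available' for one version string."""
    family, patch, hf = parse_version(text)
    if family not in FIXED:
        raise ValueError(f"release family not in the advisory table: {family}")
    lines = FIXED[family]
    if not lines:
        return "no-fix-available"
    for fixed_patch, fixed_hf in lines:
        if fixed_hf is None:
            # Cumulative patch line: assume this patch and later ones carry the fix.
            if patch >= fixed_patch:
                return "fixed"
        elif patch == fixed_patch and hf is not None and hf >= fixed_hf:
            # Same patch level with a hotfix at or beyond the fixed hotfix.
            return "fixed"
    return "not-fixed"  # conservative default: not confirmed fixed

def triage(inventory):
    """Map each (instance name, version string) pair to its fix status."""
    return {name: is_fixed(version) for name, version in inventory}
```

A Xanadu Patch 12 instance, for example, is reported as not fixed because the table lists only Patch 11 Hotfix 1a for that family; confirm such cases against the advisory rather than assuming.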
ServiceNow urges upgrades, especially for Vancouver and later releases that integrate AI agents. Security leaders should reassess exposure in hybrid cloud environments.
The post Critical ServiceNow AI Platform Flaw Allows Remote Code Execution Attacks appeared first on Cyber Security News.
