Protection mechanism failure in ServiceNow - CVE-2026-6875
Published: July 15, 2026
ServiceNow
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper sandbox enforcement in the ServiceNow AI platform when processing AI platform requests. A remote attacker can send crafted input to execute arbitrary code.
Exploitation is possible in certain circumstances without authentication.