PT-2026-22008 · Servicenow · Servicenow
Published
2026-02-25
·
Updated
2026-02-27
·
CVE-2026-0542
CVSS v4.0
9.2
Critical
| Vector | AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
ServiceNow (affected versions not specified)
Description
A remote code execution issue exists within the ServiceNow AI platform. An unauthenticated user, under specific conditions, could potentially execute code within the ServiceNow Sandbox. While there is no current evidence of exploitation in customer environments, the vulnerability has been addressed through security updates deployed to hosted instances and provided to self-hosted customers and partners.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Servicenow