Press TechRound interviews Secure.com CEO on the future of AI security
Read

ServiceNow Slams the Door on a Critical AI Platform Bug Before Hackers Find It

ServiceNow patched CVE-2026-6875, a critical unauthenticated RCE in its AI Platform. See who is affected and how to patch.

Dateline: July 14, 2026

Unauthenticated and Critical: Inside ServiceNow’s Latest RCE Fix

ServiceNow just quietly fixed a serious hole in its AI Platform, and the details are worth your attention. A flaw scored 9.5 out of 10 could have let an attacker run their own code inside a customer environment without ever logging in. No password, phishing, or stolen tokens. Just a way in. The company says nobody has been caught using it yet. That window is exactly why you move now.

What Happened?

On July 13, 2026, ServiceNow published an advisory for a vulnerability tracked as CVE-2026-6875. It is a sandbox escape in the ServiceNow AI Platform, the layer that runs across most of the company’s IT service management and workflow tools.

Here is the short version of how a sandbox escape works. A sandbox is a locked room built to run untrusted code safely, walled off from everything else. When the walls fail, code that was supposed to stay inside gets out and runs where it should never reach. That is what this bug allowed.

The catch that makes it worse: an attacker did not need an account. ServiceNow’s advisory KB3137947 describes it as an unauthenticated flaw, exploitable under certain conditions with no valid login. The bug was reported by researcher Adam Kues of Assetnote and carries a critical CVSS 4.0 score of 9.5. ServiceNow has not shared technical details, attack steps, or proof of concept code, which is standard practice while customers patch.

What’s the Impact?

ServiceNow sits at the center of a lot of enterprise plumbing. It connects to identity systems, cloud services, endpoint tools, and internal business apps. So a foothold here is rarely just a foothold.

Code running loose inside a ServiceNow instance could mean stolen business data, tampered workflows, harvested API tokens and credentials, and lateral movement into every system ServiceNow touches. For an unauthenticated bug, the barrier to entry is low and the potential blast radius is wide. That combination is what earns a 9.5.

Worth noting: ServiceNow reports no known exploitation as of the advisory. Treat that as breathing room, not permission to wait.

Indicators of Compromise (IOCs)

There are no published IOCs for CVE-2026-6875. ServiceNow has not released exploit details, and no active exploitation has been reported, so there are no attacker IP addresses, hashes, or domains tied to this specific bug yet. That is common for a flaw disclosed at patch time before any real world attacks.

CVE-2026-6875 Fixed Releases
ServiceNow AI Platform RCE
Upgrade to your family’s fixed release or later. Hosted instances received the update from ServiceNow.
Critical CVSS 4.0: 9.5
Brazil Brazil EA
Brazil Brazil GA
Australia Australia Patch 2
Zurich Zurich Patch 7b
Zurich Zurich Patch 9
Yokohama Yokohama Patch 12 Hot Fix 1b
Yokohama Yokohama Patch 13
Source: ServiceNow advisory KB3137947. Any version before the fixed release listed for your family is affected. No active exploitation reported as of July 13, 2026. Confirm exact patch strings against the KB before matching your instance.

How to Avoid This

The fix is already out. Your job is to confirm it landed.

  • If you run hosted instances, ServiceNow deployed the update to its cloud environments. Verify your instance received it, especially if change control or custom configs could delay validation.
  • If you run self-hosted or partner deployments, find your current family and patch level, then upgrade to a fixed release.

The patched versions are Brazil EA, Brazil GA, Australia Patch 2, Zurich Patch 7b, Zurich Patch 9, Yokohama Patch 12 Hot Fix 1b, and Yokohama Patch 13.

After patching, do a quick sweep. Review admin activity, integration credentials, API usage, and any odd workflow changes for signs of tampering. Where you can, limit network access to AI Platform endpoints so they are not wide open to the internet.

Don’t Let a 9.5 Sit in Your Backlog

Critical CVEs pile up fast, and the risky ones get buried under noise. The trick is knowing which flaw on which asset actually deserves your attention today. Secure.com’s Digital Security Teammates help by: 

  • Ranking every CVE by real exploitability and asset criticality, so a 9.5 on a connected platform floats to the top of a sorted fix-first list. 
  • Mapping each vulnerability to the exact assets and owners it affects, no spreadsheet hunting. 
  • Tracking patch SLAs and nudging owners before deadlines slip. 
  • Watching KEV and NVD feeds daily, so a bug that turns into active exploitation gets escalated the moment it does.