Unauthenticated RCE in ServiceNow AI Platform Sandbox (CVE-2026-0542)
ServiceNow patched a critical unauthenticated remote code execution (RCE) vulnerability in the ServiceNow AI Platform tracked as CVE-2026-0542. The flaw can allow an unauthenticated attacker, under certain conditions, to execute code within the ServiceNow Sandbox—a restricted environment intended to isolate untrusted code—creating risk of broader instance compromise, including potential data theft and workflow manipulation. Public technical details were limited, but the issue was characterized as remotely reachable (typically over HTTPS) and high impact, with reporting citing critical severity (CVSS 9.8).
ServiceNow’s advisory (KB2693566) states the company deployed security updates to affected hosted customer instances and also made updates available to self-hosted customers and partners via patches/hotfixes. As of the advisory information reflected in CVE tracking, ServiceNow reported it was not aware of active exploitation against customer instances, but recommended customers apply the relevant updates or upgrade promptly to mitigate the risk from an unauthenticated RCE path into the sandboxed execution environment.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
ServiceNow says Australia release fix is planned for Q2 2026
ServiceNow indicated that a fix for the Australia release was still pending and expected in Q2 2026, while hotfixes were already listed for multiple other releases. This marked an outstanding remediation milestone following the main advisory.
Canadian Centre for Cyber Security issues notice on ServiceNow flaw
The Canadian Centre for Cyber Security published advisory AV26-174 highlighting ServiceNow's February 25 security advisory and urging administrators to review affected versions and apply the required updates. The notice specifically referenced CVE-2026-0542 and impacted Australia, Xanadu, Yokohama, and Zurich releases.
ServiceNow publishes advisory for CVE-2026-0542
ServiceNow publicly disclosed and remediated CVE-2026-0542 on February 25, 2026, stating the flaw could allow unauthenticated code execution within the sandbox under certain circumstances. The company said it was not aware of active exploitation and advised customers to apply patches, hotfixes, or upgrade.
ServiceNow deploys security update for hosted AI Platform instances
ServiceNow deployed a security update to hosted customer instances to remediate CVE-2026-0542, a critical unauthenticated remote code execution flaw in the ServiceNow AI Platform sandbox. Updates were also made available to self-hosted customers and partners.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
ServiceNow security advisory (AV26-174) - Canadian Centre for Cyber Security
cyber.gc.ca
Open sourceCritical ServiceNow AI Platform Vulnerability Enables Remote Code Execution
cybersecuritynews.com
Open sourceCVE-2026-0542 - Remote Code Execution in ServiceNow AI Platform
cvefeed.io
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Critical ServiceNow RCE Flaws Hit Core and AI Platform Deployments
ServiceNow customers were urged to patch multiple **critical remote code execution** vulnerabilities after reports that flaws in the platform were being **actively exploited**. One set of bugs affected core ServiceNow deployments and was serious enough to trigger immediate warnings from security researchers and industry media, highlighting the risk of unauthenticated or low-friction compromise in widely used enterprise workflow environments. A separate report later identified another **critical RCE vulnerability** in the **ServiceNow AI Platform**, expanding concern from the core platform to newer AI-enabled components. Together, the disclosures indicate that attackers have had viable paths to execute code against ServiceNow environments across both traditional and AI-related services, raising the stakes for organizations that use the platform for IT, HR, security, and business process automation.
May 25, 2026
ServiceNow AI Platform Flaw (CVE-2025-12420) Enables Unauthenticated User Impersonation
ServiceNow disclosed and remediated a **critical** vulnerability in its AI Platform, tracked as **CVE-2025-12420** (CVSS **9.3**), that could allow an **unauthenticated attacker to impersonate legitimate users** and perform actions with the victim’s entitlements. The issue impacts ServiceNow AI features including **Now Assist AI Agents** and the **Virtual Agent API**; ServiceNow reported deploying fixes to most hosted instances in October 2025 and providing updates to partners and self-hosted customers, and stated it has **no evidence of exploitation** prior to remediation. Research associated with the disclosure highlighted broader risks in enterprise AI agent deployments, including the potential for **second-order prompt injection** when default settings and agent-to-agent capabilities (e.g., *agent discovery*) are not tightly controlled. In testing described by the reporting, low-privileged users could embed malicious instructions into data fields later processed by higher-privileged AI agents, potentially leading to unauthorized access or changes; customers were advised to upgrade to patched releases (including *Now Assist AI Agents* `5.1.18+` / `5.2.19+` and *Virtual Agent API* `3.15.2+` / `4.0.4+`) and to apply relevant security updates across hosted and self-managed environments.
Mar 21, 2026
Authentication Bypass Vulnerabilities in ServiceNow Now Assist and ABB Ability OPTIMAX
Two separate **critical authentication-bypass** issues were disclosed affecting enterprise platforms, each enabling user impersonation without valid credentials. AppOmni researcher **Aaron Costello** reported a ServiceNow flaw in the **Virtual Agent API** and **Now Assist AI Agents** that allows an unauthenticated attacker to impersonate any ServiceNow user (including admins) and execute privileged AI agents remotely. Tracked as **CVE-2025-12420**, the issue stems from a **hardcoded, platform-wide shared secret** used for AI agent channel providers combined with **insecure account-linking logic** that trusts a requester presenting the shared token plus a victim email address, effectively bypassing **MFA/SSO** controls; affected components include *sn_aia* (Now Assist AI Agents) and *sn_va_as_service* (Virtual Agent API), with fixes available in updated versions. ABB issued a critical advisory for **ABB Ability™ OPTIMAX®** energy management systems using **Azure Active Directory SSO**, warning that **CVE-2025-14510** (CVSS v4.0 **9.2**) can allow attackers to bypass authentication and impersonate legitimate users, potentially leading to full administrative control and impacts such as system shutdown, configuration modification, and arbitrary code execution. The vulnerability affects OPTIMAX versions **6.1–6.4** released prior to **Nov 20, 2025**, and ABB recommends upgrading to patched releases (including **v6.4.1-251120** or **v6.3.1-251120** and later) or applying mitigations if immediate patching is not possible.
Mar 21, 2026