Critical ServiceNow RCE Flaws Hit Core and AI Platform Deployments
ServiceNow customers were urged to patch multiple critical remote code execution vulnerabilities after reports that flaws in the platform were being actively exploited. One set of bugs affected core ServiceNow deployments and was serious enough to trigger immediate warnings from security researchers and industry media, highlighting the risk of unauthenticated or low-friction compromise in widely used enterprise workflow environments.
A separate report later identified another critical RCE vulnerability in the ServiceNow AI Platform, expanding concern from the core platform to newer AI-enabled components. Together, the disclosures indicate that attackers have had viable paths to execute code against ServiceNow environments across both traditional and AI-related services, raising the stakes for organizations that use the platform for IT, HR, security, and business process automation.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
New ServiceNow AI Platform RCE vulnerability is reported
A separate remote code execution vulnerability affecting the ServiceNow AI Platform was publicly reported. The issue was described as allowing remote code execution, indicating a new technical development beyond the 2024 flaws.
ServiceNow discloses critical RCE flaws under active exploitation
ServiceNow disclosed critical remote code execution vulnerabilities affecting its platform, with reporting indicating the bugs were being actively exploited in the wild. The disclosure prompted urgent patching guidance for affected customers.
Assetnote discloses chained ServiceNow bugs enabling pre-auth compromise
Assetnote reported a chain of three ServiceNow vulnerabilities, CVE-2024-4879, CVE-2024-5178, and CVE-2024-5217, that could allow pre-authentication compromise, database access, and in some cases command execution via MID Servers. The researchers said they disclosed the issues to ServiceNow on May 14, 2024, and ServiceNow rolled out patches and hotfixes, including June updates for two of the CVEs.
Sources
3 references tracked. Mallory keeps watching after this page renders.
ServiceNow AI Platform Vulnerability Allows Remote Code Execution
gbhackers.com
Open sourcePatch Now: ServiceNow Critical RCE Bugs Under Active Exploit
darkreading.com
Open sourceChaining Three Bugs to Access All Your ServiceNow Data
assetnote.io
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Unauthenticated RCE in ServiceNow AI Platform Sandbox (CVE-2026-0542)
ServiceNow patched a **critical unauthenticated remote code execution (RCE)** vulnerability in the *ServiceNow AI Platform* tracked as **CVE-2026-0542**. The flaw can allow an unauthenticated attacker, under certain conditions, to execute code within the **ServiceNow Sandbox**—a restricted environment intended to isolate untrusted code—creating risk of broader instance compromise, including potential data theft and workflow manipulation. Public technical details were limited, but the issue was characterized as remotely reachable (typically over HTTPS) and high impact, with reporting citing **critical severity (CVSS 9.8)**. ServiceNow’s advisory (**KB2693566**) states the company deployed security updates to affected **hosted customer instances** and also made updates available to **self-hosted customers and partners** via patches/hotfixes. As of the advisory information reflected in CVE tracking, ServiceNow reported it was **not aware of active exploitation against customer instances**, but recommended customers apply the relevant updates or upgrade promptly to mitigate the risk from an unauthenticated RCE path into the sandboxed execution environment.
Mar 21, 2026
ServiceNow AI Platform Flaw (CVE-2025-12420) Enables Unauthenticated User Impersonation
ServiceNow disclosed and remediated a **critical** vulnerability in its AI Platform, tracked as **CVE-2025-12420** (CVSS **9.3**), that could allow an **unauthenticated attacker to impersonate legitimate users** and perform actions with the victim’s entitlements. The issue impacts ServiceNow AI features including **Now Assist AI Agents** and the **Virtual Agent API**; ServiceNow reported deploying fixes to most hosted instances in October 2025 and providing updates to partners and self-hosted customers, and stated it has **no evidence of exploitation** prior to remediation. Research associated with the disclosure highlighted broader risks in enterprise AI agent deployments, including the potential for **second-order prompt injection** when default settings and agent-to-agent capabilities (e.g., *agent discovery*) are not tightly controlled. In testing described by the reporting, low-privileged users could embed malicious instructions into data fields later processed by higher-privileged AI agents, potentially leading to unauthorized access or changes; customers were advised to upgrade to patched releases (including *Now Assist AI Agents* `5.1.18+` / `5.2.19+` and *Virtual Agent API* `3.15.2+` / `4.0.4+`) and to apply relevant security updates across hosted and self-managed environments.
Mar 21, 2026
Authentication Bypass Vulnerabilities in ServiceNow Now Assist and ABB Ability OPTIMAX
Two separate **critical authentication-bypass** issues were disclosed affecting enterprise platforms, each enabling user impersonation without valid credentials. AppOmni researcher **Aaron Costello** reported a ServiceNow flaw in the **Virtual Agent API** and **Now Assist AI Agents** that allows an unauthenticated attacker to impersonate any ServiceNow user (including admins) and execute privileged AI agents remotely. Tracked as **CVE-2025-12420**, the issue stems from a **hardcoded, platform-wide shared secret** used for AI agent channel providers combined with **insecure account-linking logic** that trusts a requester presenting the shared token plus a victim email address, effectively bypassing **MFA/SSO** controls; affected components include *sn_aia* (Now Assist AI Agents) and *sn_va_as_service* (Virtual Agent API), with fixes available in updated versions. ABB issued a critical advisory for **ABB Ability™ OPTIMAX®** energy management systems using **Azure Active Directory SSO**, warning that **CVE-2025-14510** (CVSS v4.0 **9.2**) can allow attackers to bypass authentication and impersonate legitimate users, potentially leading to full administrative control and impacts such as system shutdown, configuration modification, and arbitrary code execution. The vulnerability affects OPTIMAX versions **6.1–6.4** released prior to **Nov 20, 2025**, and ABB recommends upgrading to patched releases (including **v6.4.1-251120** or **v6.3.1-251120** and later) or applying mitigations if immediate patching is not possible.
Mar 21, 2026