Image: SLCyberSec
- CVE: CVE-2026-6875
- CVSS: 9.5 (Critical · CVSSv4)
- Product: ServiceNow AI Platform
- Affected: < Australia Patch 2, < Yokohama Patch 12 Hot Fix 1b, < Yokohama Patch 13, < Zurich Patch 7b, < Zurich Patch 9, < Brazil EA (+1 more)
- Impact: Sandbox Escape in ServiceNow AI Platform
- Status: Exploited in the wild!
- Patched in: Australia Patch 2, Yokohama Patch 12 Hot Fix 1b, Yokohama Patch 13, Zurich Patch 7b (+3 more)
- EPSS: 0.5% (30-day)
- Action: Update to Australia Patch 2, Yokohama Patch 12 Hot Fix 1b, Yokohama Patch 13, Zurich Patch 7b (+3 more) now
TL;DR
A critical flaw in the ServiceNow AI platform allows unauthenticated users to run arbitrary commands. DefusedCyber flagged this ServiceNow sandbox escape RCE as actively exploited. Furthermore, researchers publicly disclosed the vulnerability details and proof-of-concept exploit code.
Why It Matters
This defect carries a severe 9.5 CVSS score. Consequently, threat actors can bypass security controls to access sensitive corporate data. DefusedCyber confirms active attacks using this pre-auth code execution flaw. The public disclosure of the PoC significantly lowers the barrier for cybercriminals. Sourced estimates for affected install counts are currently unavailable. However, the widespread use of this platform makes the threat highly critical. Immediate action is required to prevent widespread network breaches.
How the Attack Works
Attackers target a specific pre-authentication sink located at the /assessment_thanks.do endpoint. They send crafted payloads to this exposed interface over the network. Next, a sandbox-escape gadget triggers a code-execution primitive. Ultimately, this mechanism grants the attacker complete remote code execution capabilities. The attack does not require any prior authentication or user interaction. DefusedCyber noted, “the sandbox-escape gadget reaches the same code-execution primitive by a different route than their published PoC.” Therefore, attackers are actively adapting their methods to bypass current detections.
Affected Versions
This ServiceNow sandbox escape RCE impacts several major releases. Specifically, unpatched versions of the Brazil, Australia, Zurich, and Yokohama families remain vulnerable. The vulnerability exists within the core platform architecture.
Patch or Mitigation Steps
ServiceNow released security updates for hosted and self-hosted instances. Administrators must apply these patches immediately to protect their networks. The update introduces a Guarded Script feature to block complex scripts from guest traffic. Simple scripts will continue to function normally. Cloud instances will phase in enforcement for authenticated traffic over four weeks. Meanwhile, on-premises instances require administrators to advance the enforcement phases manually. You can read the official ServiceNow security advisory for guidance. Also, review the SLCyberSec technical research for exploit details.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.