ServiceNow administrators and security teams need to ensure their environments are up to date following the disclosure of a highly critical vulnerability affecting the ServiceNow AI Platform. The flaw, which allows for remote code execution, has prompted swift action and patching from the software giant.
Tracked as CVE-2026-0542, this security flaw carries a severe CVSSv4 score of 9.2.
The core of the issue lies within the platform’s AI sandbox environment. As stated in the official advisory, “this vulnerability could potentially enable an unauthenticated user, in certain circumstances, to remotely execute code within the ServiceNow Sandbox”.
Because the vulnerability can be triggered without authentication, it poses a significant risk to unpatched systems. ServiceNow reassures users that, “at this time, ServiceNow is unaware of this issue being exploited in the wild against customer instances”.
ServiceNow has already taken significant steps to shield its user base. According to the advisory, “on January 6, 2026, ServiceNow addressed this vulnerability by deploying a security update to affected hosted customer instances”. Furthermore, updates were made available for self-hosted customers and partners.
If you are unsure whether your organization was at risk, there is an easy way to tell: “if a notification was not received, your instance was not impacted”. Additionally, organizations that participated in the January Patching Program have already received the necessary fixes.
For teams that manage their own updates, ServiceNow recommends that they “promptly apply the below updates or newer if they have not already done so”.
| Release | Fixed Version | When Available |
| --- | --- | --- |
| Australia | Australia | Q2 2026 |
| Zurich | Patch 4 Hotfix 3b | February 23, 2026 |
| Zurich | Patch 5 | January 12, 2026 |
| Yokohama | Patch 10 Hotfix 1b | February 18, 2026 |
| Yokohama | Patch 12 | February 6, 2026 |
| Xanadu | Patch 11 Hotfix 1a | February 2, 2026 |