ServiceNow AI Platform Remote Code Execution Vulnerability
Vulnerability
A remote code execution vulnerability has been identified in the ServiceNow AI Platform. This issue could allow an unauthenticated user, under certain circumstances, to execute code within the ServiceNow Sandbox. ServiceNow has deployed security updates to address this vulnerability for both hosted and self-hosted customers. While there are no known instances of exploitation against customers, it is recommended that users apply the available updates or upgrades.
Impact
Exploitation of this vulnerability could lead to unauthorized remote code execution within the ServiceNow Sandbox environment.
Remediation
ServiceNow has released security updates for this vulnerability. Affected hosted customer instances received the update on January 6, 2026. Self-hosted customers and partners can refer to the ServiceNow Knowledge Base for guidance on applying the update. Customers who participated in the January Patching Program have already received the appropriate update.
