CVE-2026-0542

ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow Sandbox. ServiceNow addressed this vulnerability by deploying a security update to hosted instances. Relevant security updates also have been provided to ServiceNow self-hosted customers and partners. Further, the vulnerability is addressed in the listed patches and hot fixes. While we are not currently aware of exploitation against customer instances, we recommend customers promptly apply appropriate updates or upgrade if they have not already done so.

CVSS

No CVSS.

References

Link	Resource
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2693566

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) ServiceNow ha abordado una vulnerabilidad de ejecución remota de código que fue identificada en la plataforma de IA de ServiceNow. Esta vulnerabilidad podría permitir a un usuario no autenticado, en ciertas circunstancias, ejecutar código dentro del sandbox de ServiceNow. ServiceNow abordó esta vulnerabilidad desplegando una actualización de seguridad en las instancias alojadas. Las actualizaciones de seguridad relevantes también se han proporcionado a los clientes y socios de ServiceNow con autoalojamiento. Además, la vulnerabilidad se aborda en los parches y hot fixes listados. Si bien no tenemos conocimiento actual de explotación contra instancias de clientes, recomendamos a los clientes aplicar rápidamente las actualizaciones apropiadas o actualizar si aún no lo han hecho.

25 Feb 2026, 21:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-25 21:16

Updated : 2026-04-15 00:35

NVD link : CVE-2026-0542

Mitre link : CVE-2026-0542

CVE.ORG link : CVE-2026-0542

JSON object : View

Products Affected

No product.

CWE

CWE-653

Improper Isolation or Compartmentalization

{"id": "CVE-2026-0542", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "psirt@servicenow.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-25T21:16:36.147", "references": [{"url": "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2693566", "source": "psirt@servicenow.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "psirt@servicenow.com", "description": [{"lang": "en", "value": "CWE-653"}]}], "descriptions": [{"lang": "en", "value": "ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow Sandbox.\u00a0\u00a0\u00a0\n\n\n\n\n\nServiceNow addressed this vulnerability by deploying a security update to hosted instances. Relevant security updates also have been provided to ServiceNow self-hosted customers and partners. Further, the vulnerability is addressed in the listed patches and hot fixes. While we are not currently aware of exploitation against customer instances, we recommend customers promptly apply appropriate updates or upgrade if they have not already done so."}, {"lang": "es", "value": "ServiceNow ha abordado una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo que fue identificada en la plataforma de IA de ServiceNow. Esta vulnerabilidad podr\u00eda permitir a un usuario no autenticado, en ciertas circunstancias, ejecutar c\u00f3digo dentro del sandbox de ServiceNow.\n\nServiceNow abord\u00f3 esta vulnerabilidad desplegando una actualizaci\u00f3n de seguridad en las instancias alojadas. Las actualizaciones de seguridad relevantes tambi\u00e9n se han proporcionado a los clientes y socios de ServiceNow con autoalojamiento. Adem\u00e1s, la vulnerabilidad se aborda en los parches y hot fixes listados. Si bien no tenemos conocimiento actual de explotaci\u00f3n contra instancias de clientes, recomendamos a los clientes aplicar r\u00e1pidamente las actualizaciones apropiadas o actualizar si a\u00fan no lo han hecho."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "psirt@servicenow.com"}