CVE-2026-0542 – ServiceNow AI Platform Remote Code Execution Fix
“An unauthenticated user could run remote code inside ServiceNow’s AI sandbox — this patch stops that.”
CVE-2026-0542 is a critical remote code execution vulnerability in the ServiceNow AI Platform. Under certain conditions, it allows an unauthenticated attacker to execute arbitrary code within the platform’s sandbox environment, with no login credentials required. It is tied to improper isolation/compartmentalization in the ServiceNow AI Sandbox, which lets malicious input escape the intended containment. The vulnerability is assigned a CVSS v4.0 score of 9.2 (Critical) because it can be triggered remotely over a network without authentication and could compromise the confidentiality, integrity, and availability of the affected instance.
ServiceNow has released security updates for all affected hosted and self-hosted instances to eliminate the weakness in the AI Platform. Hosted customers received automatic updates early in 2026 as part of the vendor’s patch rollout, and self-hosted or partner customers should apply the corresponding hotfixes or upgraded releases as soon as possible. As of the advisory publication, there are no confirmed reports of this vulnerability being exploited in the wild, but because it requires no authentication, exposed instances remain high-risk until patched.
Key Details
- CWE Classification: CWE-653