PatchSiren cyber security CVE debrief
CVE-2026-6875 ServiceNow CVE debrief
CVE-2026-6875 is a remote code execution vulnerability identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow platform. ServiceNow addressed this vulnerability by deploying a security update to hosted instances. Relevant security updates have also been provided to ServiceNow self-hosted customers and partners. The vulnerability is addressed in listed patches and family releases, which have been made available to hosted and self-hosted customers, as well as partners. We are not currently aware of exploitation against ServiceNow instances. Customers are recommended to promptly apply appropriate updates or upgrade to a patched release if they have not already done so.
- Vendor
- ServiceNow
- Product
- ServiceNow AI Platform
- CVSS
- CRITICAL 9.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-14
Who should care
Organizations using ServiceNow AI platform should prioritize applying security updates or upgrading to patched releases to mitigate the risk of remote code execution. This includes operators managing ServiceNow instances, platform administrators, vulnerability management teams, and security teams responsible for monitoring and protecting against potential threats. They should review and apply patches, implement compensating controls if necessary, and monitor for signs of exploitation or anomalous activity.
Technical summary
The CVE-2026-6875 vulnerability in the ServiceNow AI platform allows unauthenticated users to execute code under certain conditions. ServiceNow has addressed this issue with security updates for hosted instances and provided relevant updates for self-hosted customers and partners. The vulnerability is patched in specified releases available to all customers and partners. There is no current evidence of exploitation.
Defensive priority
High
Recommended defensive actions
- Apply security updates or patches provided by ServiceNow for the AI platform
- Upgrade to a patched release if not already done
- Review and implement compensating controls if immediate patching is not feasible
- Monitor for any signs of exploitation or anomalous activity
- Inventory and verify all ServiceNow instances for vulnerability
Evidence notes
The CVE record was published on 2026-07-13T19:17:36.440Z and was last modified on 2026-07-13T20:16:50.020Z. The NVD entry is currently Awaiting Analysis. ServiceNow has provided a security update and patches for the vulnerability.
Official resources
-
CVE-2026-6875 CVE record
CVE.org
-
CVE-2026-6875 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T19:17:36.440Z and has not been modified since then. The NVD entry is currently Awaiting Analysis.