CVE-2026-0542 – Remote Code Execution in ServiceNow AI Platform
ServiceNow has published a security advisory describing a remote code execution (RCE) vulnerability in the ServiceNow AI Platform. The issue is tracked as CVE-2026-0542.
Remote code execution vulnerabilities allow an attacker to run arbitrary code on affected systems, potentially leading to full compromise of the platform and access to sensitive data. Organizations using ServiceNow AI Platform should treat this as high priority and apply vendor-released patches or mitigations as soon as they are available.
ServiceNow provides detailed remediation steps and fixed versions in their Knowledge Base. Security and operations teams should review the official advisory (KB2693566), verify their deployment versions, and plan updates in line with ServiceNow's guidance and their change-management process.
Recommended actions
- Check your ServiceNow AI Platform version against the affected and patched versions in the advisory.
- Apply the vendor-released patch or upgrade path as soon as practicable.
- Monitor authentication and access logs for suspicious activity until the fix is deployed.