CVE-2026-6875
Gravedad CVSS v4.0:
CRÍTICA
Tipo:
CWE-94
Control incorrecto de generación de código (Inyección de código)
Fecha de publicación:
13/07/2026
Última modificación:
14/07/2026
Descripción
*** Pendiente de traducción *** ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow platform.<br />
<br />
<br />
ServiceNow addressed this vulnerability by deploying a security update to hosted instances. Relevant security updates have also been provided to ServiceNow self-hosted customers and partners.<br />
<br />
<br />
<br />
<br />
Further, the vulnerability is addressed in the listed patches and family releases, which have been made available to hosted and self-hosted customers, as well as partners. We are not currently aware of exploitation against ServiceNow instances.<br />
<br />
<br />
<br />
<br />
We recommend customers promptly apply appropriate updates or upgrade to a patched release if they have not already done so.
Impacto
Puntuación base 4.0
9.50
Gravedad 4.0
CRÍTICA



