What happened
ServiceNow disclosed and patched a critical (CVSS 9.5) remote code execution vulnerability in the ServiceNow AI Platform. The flaw allows an unauthenticated user, under certain circumstances, to escape the platform's AI sandbox isolation and execute code within the ServiceNow environment. Confirmed via direct fetch of both the NVD entry and ServiceNow's own KB3137947 advisory, both dated 2026-07-13.
Why it matters
ServiceNow AI Platform is deployed broadly across enterprise IT service management, workflow automation, and AI-driven agent workflows. A sandbox escape in the AI execution environment could let an unauthenticated attacker pivot from an isolated AI code-execution context to the underlying platform, exposing sensitive organizational data, automation logic, and integration credentials across a widely-used enterprise SaaS platform.
Attack vector
An unauthenticated attacker sends crafted requests to the ServiceNow AI Platform's sandbox component (CWE-653, Improper Isolation/Compartmentalization) to break out of the intended AI code-execution sandbox and execute arbitrary code within the platform, in certain circumstances without authentication.
Affected systems
ServiceNow AI Platform (hosted, self-hosted, and partner-hosted instances)
Mitigation
ServiceNow has deployed a security update to hosted instances; self-hosted customers and partners should apply the corresponding security update per ServiceNow KB3137947.