Browse all 21 CVE security advisories affecting Servicenow. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ServiceNow operates as a cloud-based platform primarily used for IT service management, automating workflows for incident, change, and problem management across enterprise environments. Its architecture, which integrates numerous modules and third-party integrations, has historically exposed it to diverse vulnerability classes. Recorded Common Vulnerabilities and Exposures (CVEs) frequently involve remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from complex input validation failures or insecure direct object references within its web interface. While the platform employs robust encryption and access controls, its expansive attack surface presents significant risks if misconfigured. Notable security incidents have included data exfiltration attempts and unauthorized access due to weak authentication mechanisms, highlighting the critical importance of rigorous patch management and strict identity governance to mitigate potential exploitation of these systemic weaknesses.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-0542 | Remote Code Execution in ServiceNow AI Platform — ServiceNow AI PlatformCWE-653 | 9.8AI | CriticalAI | 2026-02-25 |
| CVE-2025-11449 | Reflected Cross Site Scripting in ServiceNow AI Platform — ServiceNow AI PlatformCWE-79 | 6.1AI | MediumAI | 2025-10-10 |
| CVE-2025-11450 | Reflected Cross Site Scripting in ServiceNow AI Platform — ServiceNow AI PlatformCWE-79 | 6.1AI | MediumAI | 2025-10-10 |
| CVE-2025-3089 | Broken Access Control in ServiceNow AI Platform — ServiceNow AI PlatformCWE-639 | 6.5AI | MediumAI | 2025-08-12 |
This page lists every published CVE security advisory associated with Servicenow. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.