ServiceNow Vulnerability Enables Full User Impersonation
On January 19, 2026, a security researcher disclosed a critical vulnerability in ServiceNow’s Virtual Agent API and Now Assist AI Agents application, tracked as CVE-2025-12420 and dubbed "BodySnatcher." The flaw allows unauthenticated attackers to impersonate any user using only an email address, bypassing MFA and SSO to execute privileged AI workflows and create backdoor administrator accounts. Enterprises should urgently apply vendor patches and audit agent integrations.


