Skip to content

Let's Data ScienceLEARN • BUILD • STAY AHEAD

News
Blog
Code Problems
Pricing
Contact

© 2026 Let's Data Science

Advertise|Terms|Privacy||Image Rights

NewsServiceNow Vulnerability Enables Full User Impersonation

Industry Newsvirtual agentservice nowagentsvulnerability

ServiceNow Vulnerability Enables Full User Impersonation

|January 19, 2026

9.0

Relevance Score

ServiceNow Vulnerability Enables Full User Impersonation

On January 19, 2026, a security researcher disclosed a critical vulnerability in ServiceNow’s Virtual Agent API and Now Assist AI Agents application, tracked as CVE-2025-12420 and dubbed "BodySnatcher." The flaw allows unauthenticated attackers to impersonate any user using only an email address, bypassing MFA and SSO to execute privileged AI workflows and create backdoor administrator accounts. Enterprises should urgently apply vendor patches and audit agent integrations.

Scoring Rationale

High novelty and actionable CVE disclosure with broad enterprise impact, balanced by single-source reporting and limited technical details.

Newsletter·Weekly · Free

Weekly AI News

A 5-minute Monday brief on AI & data science. Curated, no fluff.

Email address

No spam. Privacy.

Practice interview problems based on real data

1,500+ SQL & Python problems across 15 industry datasets — the exact type of data you work with.

Try 250 free problems

More AI & Data Science News

Gemini App Debuts Redesigned Android User Interface

Gemini App Debuts Redesigned Android User Interface

Microsoft lets Office users remove Copilot button

Microsoft lets Office users remove Copilot button

Microsoft Reshapes Leadership for AI Era

Microsoft Reshapes Leadership for AI Era

Lumentum Compares Favorably to Coherent in AI Infrastructure

Lumentum Compares Favorably to Coherent in AI Infrastructure

Back to News Feed

News on Let's Data Science is compiled from multiple public sources with editorial oversight. See our Editorial Standards and Corrections Policy.