Vulnerability and Exploitation Details
ServiceNow has issued an advisory about a security incident in which unknown attackers exploited a configuration flaw to gain unauthorized access to customer instances. The company applied a security update to hosted customer instances on June 5, 2026, addressing an issue that could allow an unauthenticated user, under certain circumstances, to access more information than intended. The update modified an endpoint configuration to restrict access to authenticated users. The flaw currently lacks a CVE identifier. The issue first surfaced in discussions on Reddit.
Impact and Response
ServiceNow reported detecting anomalous activity related to the vulnerability and confirmed that a subset of customer instances was successfully queried. Affected customers have been notified. The issue is specific to customers on the Australia platform release or those with certain configuration changes on older releases. According to a Reddit post by user “d3s7iny,” the company had been aware of the problem internally since early April but classified it as nonurgent, planning a fix in a future release. Malicious activity began around June 2, and customer bug bounty submissions starting June 3 further highlighted the flaw. A ServiceNow spokesperson stated the priority was to contact directly affected customers, noting the incident was not broad.
Source: The Hacker News
