ServiceNow disclosed a security incident involving a vulnerability in a web-based API endpoint. This flaw allowed attackers to query data from customer instances without authentication.
The company detected unusual activity and applied a security update to hosted instances on June 5, 2026. This patch reconfigures the API endpoint to require mandatory authentication.
ServiceNow confirmed that attackers successfully queried customer instance tables before the implementation of the fix. The company is currently notifying affected customers through its support portal.
The specific nature of the accessed data remains undisclosed. ServiceNow instances typically store a wide range of sensitive corporate information.