- ServiceNow has patched a vulnerability allowing unauthenticated users excessive access to certain customer instances.
- The company detected “anomalous activity” and evidence of successful queries against a subset of customers.
- The issue, known internally for about two months, primarily impacted customers on the “Australia” platform release.
- No CVE identifier has been assigned to this security flaw at this time.

On June 10, 2026, reports surfaced that enterprise software giant ServiceNow addressed a critical security flaw after threat actors exploited it to gain unauthorized access to customer systems. The company issued a security update on June 5 following the detection of suspicious activity.
According to an advisory, the vulnerability allowed an unauthenticated user to obtain greater access to ServiceNow instances than intended. Consequently, the update changed an endpoint configuration to restrict access solely to authenticated users.
Meanwhile, discussions on Reddit provided early details about the incident before the official disclosure. ServiceNow confirmed it observed evidence of successful queries against a subset of customers.
The company stated the security issue primarily pertains to customers on the Australia platform release. However, a Reddit user claimed their security team reported the flaw to ServiceNow, which had internally known about it since April.
For approximately two months, ServiceNow reportedly classified it as a non-urgent issue. Impacted customers have been notified directly by the company as the situation develops.
