A misconfigured API endpoint allowed unauthorized users to access data stored in ServiceNow instances. The company did not release a fix until several weeks after receiving a bug bounty report.
ServiceNow has confirmed that a configuration error within its platform enabled unauthenticated access to customer data. According to reports from administrators familiar with the issue, a REST endpoint was exposed without requiring user authentication. The company said it became aware of the problem after detecting unusual activity and notified affected customers through its internal support portal as well as direct case notifications.
Security Fix Rolled Out in Early June
On June 5, 2026, ServiceNow deployed a security update across all hosted customer instances. The configuration change ensures that the affected endpoint is now accessible only to authenticated users. According to an internal company bulletin, attackers had successfully exploited the vulnerability prior to the update and executed queries against customer database tables.
ServiceNow did not disclose exactly which data was accessed. However, affected instances commonly contain IT support tickets, employee records, internal documentation, and security-related configuration information.
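The failure mode described above, a REST endpoint that is reachable without login because authentication is enforced per route rather than by default, is easy to reproduce in miniature. The following is an added illustration and not ServiceNow code or configuration: the router classes, route paths, bearer-token check and the `/api/tickets` handler are all constructed for this example. It contrasts an opt-in model, where one forgotten flag silently publishes an endpoint, with a default-deny model in which every route requires credentials unless explicitly allow-listed, and adds the audit call a reviewer would run to list whatever is still public.

```python
"""Added example (not ServiceNow's API): opt-in authentication versus
default-deny, and an audit of routes reachable without credentials.

Everything here (token, routes, handlers) is constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set, Tuple

# Constructed sample token; stands in for a real session or OAuth check.
VALID_TOKENS = {"tok-constructed-123"}


@dataclass
class Request:
    path: str
    auth_header: Optional[str] = None


def is_authenticated(req: Request) -> bool:
    """Constructed stand-in for real credential validation."""
    if not req.auth_header or not req.auth_header.startswith("Bearer "):
        return False
    return req.auth_header[len("Bearer "):] in VALID_TOKENS


# --- Misconfigured model: each route must opt in to authentication. --------
# A route registered without the flag is silently public, which is the kind
# of slip the article describes (an endpoint usable without logging in).
@dataclass
class OptInRouter:
    routes: Dict[str, Tuple[Callable[[], str], bool]] = field(default_factory=dict)

    def add(self, path: str, handler: Callable[[], str], requires_auth: bool = False):
        self.routes[path] = (handler, requires_auth)

    def dispatch(self, req: Request):
        if req.path not in self.routes:
            return 404, "not found"
        handler, requires_auth = self.routes[req.path]
        if requires_auth and not is_authenticated(req):
            return 401, "unauthorized"
        return 200, handler()


# --- Hardened model: every route requires auth unless explicitly public. ---
@dataclass
class DefaultDenyRouter:
    routes: Dict[str, Callable[[], str]] = field(default_factory=dict)
    public: Set[str] = field(default_factory=set)

    def add(self, path: str, handler: Callable[[], str], public: bool = False):
        self.routes[path] = handler
        if public:
            self.public.add(path)

    def dispatch(self, req: Request):
        if req.path not in self.routes:
            return 404, "not found"
        if req.path not in self.public and not is_authenticated(req):
            return 401, "unauthorized"
        return 200, self.routes[req.path]()

    def audit_public_routes(self):
        """Defender check: the full list of routes reachable without
        credentials, so an unintended exposure is caught in review."""
        return sorted(self.public)


def tickets() -> str:
    return "incident rows"  # constructed stand-in for a table query


def health() -> str:
    return "ok"


def build_misconfigured() -> OptInRouter:
    r = OptInRouter()
    r.add("/api/health", health)        # meant to be public
    r.add("/api/tickets", tickets)      # flag forgotten: now public too
    return r


def build_hardened() -> DefaultDenyRouter:
    r = DefaultDenyRouter()
    r.add("/api/health", health, public=True)
    r.add("/api/tickets", tickets)      # no flag needed: authenticated by default
    return r


if __name__ == "__main__":
    anon = Request("/api/tickets")
    print("opt-in model, anonymous:", build_misconfigured().dispatch(anon))
    print("default-deny, anonymous:", build_hardened().dispatch(anon))
    print("public routes after fix:", build_hardened().audit_public_routes())
```

The design point is that the corrected model makes the safe state the one you get by doing nothing; a new endpoint added without thought lands behind authentication, and the only way to expose it is an explicit, auditable `public=True`.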
“On June 5, 2026, ServiceNow applied a security update to hosted customer instances. The update addressed a security vulnerability that, under certain circumstances, could allow an unauthenticated user to gain broader access to ServiceNow instances than intended.”
ServiceNow
More Than Six Weeks Between Report and Patch
A confidential bug bounty submission describing a similar issue was reportedly submitted to ServiceNow on April 22, 2026. Despite the early disclosure, the company did not release a security update until more than six weeks later, after activity targeting customer instances had already been observed.
ServiceNow has not yet provided an explanation for the delayed remediation.
In a subsequent statement, the company said the observed access activity was likely associated with security researchers or bug bounty participants rather than malicious threat actors.
(lb)