ServiceNow has reported a security incident affecting certain customer instances, where unauthorized access was gained due to an exploited vulnerability. The company stated that it implemented a security update on June 5, 2026, to address the issue, which involved modifying an endpoint configuration to ensure that only authenticated users could access specific functionalities.
Evidence of unauthorized queries against instance tables was detected, impacting a subset of customers, particularly those using the Australia platform release or who had made specific configuration changes to earlier versions. Customers affected by the breach have been notified, and the software firm's security team was reportedly aware of the issue since April 7, 2026, although it was initially deemed non-urgent.
The flaw does not currently have a CVE identifier, and discussions about it first surfaced on Reddit, where a user claimed to have alerted ServiceNow to the vulnerability. The Hacker News has reached out to the company for further comment and will provide updates as more information becomes available.