ServiceNow is warning about a security incident after attackers exploited an unauthenticated access flaw through a vulnerable API endpoint, allowing them to query data from customer instances.
The company quietly warned impacted customers through a support bulletin and direct support cases after detecting "anomalous activity" related to the issue.
The bulletin, which is hidden behind ServiceNow's customer support login portal, states that the company applied a security update to hosted customer instances on June 5, 2026.
"On June 5, 2026, ServiceNow applied a security update to hosted customer instances," reads the support bulletin.
"The update concerned a security issue that could allow an unauthenticated user, in certain circumstances, to gain greater access to ServiceNow instances than intended."
