Bug bounty research inadvertently led organizations to believe they were being breached through their ServiceNow instances.
June 10, 2026
ServiceNow warned that a vulnerability may have been used to target customer environments, but the company has since attributed this activity to bug bounty research.
The business workflow software company yesterday informed customers, through a gated knowledge base article, that it had detected anomalous activity related to a "security issue." The issue, which the company did not explicitly call a vulnerability, could allow greater access than intended. Moreover, an unauthorized user was able to successfully query certain instance tables belonging to a subset of ServiceNow customers.
The issue was addressed in a June 5 update, which was applied to hosted customer instances. In the initial knowledge base article, the only technical detail described was that "The security update changes an endpoint configuration to limit access to authenticated users."










