ServiceNow warned customers that attackers exploited an unauthenticated API flaw to query data from customer instances, prompting the company to apply a security update on June 5, 2026. The incident affected some Australia release customers and older instances with certain configurations, with administrators advised to check logs for suspicious requests and review exposed support data. #ServiceNow #Australia
Keypoints
- Attackers exploited an unauthenticated access flaw in a ServiceNow API endpoint.
- The issue allowed querying data from customer instances.
- ServiceNow applied a security update to hosted instances on June 5, 2026.
- The flaw impacted some Australia release customers and older configured instances.
- Administrators should review logs, exposed tickets, and rotate any shared credentials or tokens.