ServiceNow Responds to Security Issue After Unauthenticated Access Reports

Update applied.
Emily Hill
Contributing Writer

ServiceNow has disclosed a security issue that, under certain circumstances, could allow an unauthenticated user to gain unintended access to information stored in customer instances. The company applied a security update on June 5, 2026, after investigating reports submitted through both customer bug bounty programs and ServiceNow’s own bug bounty program.

According to ServiceNow, similar reports were submitted by customers on June 3-4, 2026, and matched a confidential bug bounty submission the company received on April 22, 2026. During its investigation, ServiceNow identified a subset of customer instances that experienced unattributed activity beginning on June 2, 2026.

While the company confirmed that some customer instances were successfully queried, it stated that its investigation currently indicates the activity may be attributable to security researchers or customers conducting their own security research.

ServiceNow emphasized that its investigation remains ongoing.

Why It Matters: ServiceNow is widely used by enterprises to manage IT operations, HR workflows, customer service processes, and business processes. Because customer instances can contain operational data, employee information, support records, asset inventories, and internal documentation, unauthorized access to those environments raises concerns about the exposure of sensitive business information.

  • A subset of customer instances were successfully queried: ServiceNow confirmed that some customer instances were queried as part of the observed activity. The company has opened dedicated support cases for impacted customers and says customers affected by the activity have been notified directly.
  • The issue involved unauthenticated access under certain circumstances: According to ServiceNow, the vulnerability could allow an unauthenticated user to gain unintended access to information in customer instances. The company has not publicly disclosed detailed technical information about the flaw.
  • Researchers may have been responsible for the observed activity: ServiceNow stated that two security researchers submitted a report to its bug bounty program on June 7, 2026. Based on its investigation to date, the company has reason to believe the observed activity can be attributed to security researchers or customers conducting their own research, though the investigation remains ongoing.
  • Researchers say they did not retain customer data: ServiceNow reported that the researchers involved confirmed the IP addresses used during their testing, stated they did not screenshot, use, or retain any successfully queried data, and indicated that queries were performed solely to validate their findings and submit bug bounty reports.
  • Questions remain about the disclosure timeline: ServiceNow acknowledged receiving a similar confidential bug bounty submission on April 22, 2026, before additional reports surfaced in early June. The company has not publicly commented on claims circulating in online forums regarding earlier awareness of the vulnerability beyond the dates disclosed in its advisory.

Go Deeper:

  • ServiceNow data breach: security issue gives attacker access – Cybernews
  • ServiceNow discloses security incident exposing customer data – Bleeping Computer
  • ServiceNow Patches Vulnerability Exploited Against Some Customers – SecurityWeek
