Find notable cyber news and cases, enriched with sources, timelines, and signals.

ServiceNow hosted customer instances API endpoint access-control security update

Security Patch Release
First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

ServiceNow applied a security update to hosted customer instances on June 5, 2026 to fix an API endpoint access-control issue. The update changed the endpoint so that only authenticated users can access it, reducing the risk of unauthorized access. The affected scope is limited to specific hosted tenants rather than the whole platform. ServiceNow is still evaluating whether to assign a CVE.

Related Happenings

ServiceNow hit by network compromise

Incident
H score25 First: 10.06.2026 10:02 Last: 10.06.2026 10:02 Sources 1

How related: ServiceNow also confirmed that attackers exploited this flaw to successfully query the customer instance tables.

About this happening: ServiceNow disclosed an **unauthorized access incident** affecting **hosted customer instances**, with evidence that attackers made **successful queries of instance tables** again...

ServiceNow AI Platform patch release for CVE-2025-12420

Security Patch Release
H score34 First: 13.01.2026 13:47 Last: 13.01.2026 13:47 Sources 1

About this happening: **ServiceNow** released a **security update** for **CVE-2025-12420**, a **critical** flaw in its **ServiceNow AI Platform** that could let an **unauthenticated user** impersonate...

Timeline

  1. 10.06.2026 00:34 2 articles · 29d ago

    ServiceNow applies a security update to hosted customer instances

    Mitigation Patch Update

    ServiceNow applied a security update to hosted customer instances and changed the vulnerable API endpoint so only authenticated users can access it, addressing an unauthenticated access issue that could allow greater access than intended.

    Show sources
  2. 10.06.2026 00:34 1 articles · 29d ago

    ServiceNow confirms customer instance table queries through a vulnerable API endpoint

    Initial Disclosure

    ServiceNow warned impacted customers after detecting anomalous activity tied to an unauthenticated access flaw in a vulnerable API endpoint, and confirmed attackers used the issue to query customer instance tables. The company opened support cases with affected customers and said the issue mainly affects customers on the Australia platform release or older releases with certain configuration changes.

    Show sources