ServiceNow hosted customer instances unauthenticated access security flaw
Vulnerability
Summary
Hide ▲
Show ▼
ServiceNow hosted customer instances were exposed to an unauthenticated access flaw that let a user gain greater access than intended, and ServiceNow pushed a June 5, 2026 security update to restrict the endpoint to authenticated users. The issue had no CVE identifier at the time of disclosure. ServiceNow also reported anomalous activity and evidence of successful queries of instance tables against a subset of customers. The affected scope included customers on the Australia platform release and certain older-release configurations.
Related Happenings
ServiceNow hit by network compromise
Incident
H score25
First: 10.06.2026 10:02
Last: 10.06.2026 10:02
Sources 1
How related:
ServiceNow said it detected anomalous activity relating to the security issue, and that it observed evidence of successful queries of instance tables against a "subset of customers."
About this happening:
ServiceNow disclosed an **unauthorized access incident** affecting **hosted customer instances**, with evidence that attackers made **successful queries of instance tables** again...
ServiceNow hit by network compromise
IncidentHow related: ServiceNow said it detected anomalous activity relating to the security issue, and that it observed evidence of successful queries of instance tables against a "subset of customers."
About this happening: ServiceNow disclosed an **unauthorized access incident** affecting **hosted customer instances**, with evidence that attackers made **successful queries of instance tables** again...
ServiceNow AI Platform unauthenticated impersonation flaw (CVE-2025-12420)
Vulnerability
H score19
First: 13.01.2026 13:47
Last: 13.01.2026 13:47
Sources 1
About this happening:
**CVE-2025-12420** exposes **ServiceNow AI Platform** deployments to **unauthenticated impersonation** and **arbitrary actions**, creating a high-severity account-takeover risk. T...
ServiceNow AI Platform unauthenticated impersonation flaw (CVE-2025-12420)
VulnerabilityAbout this happening: **CVE-2025-12420** exposes **ServiceNow AI Platform** deployments to **unauthenticated impersonation** and **arbitrary actions**, creating a high-severity account-takeover risk. T...
Timeline
-
10.06.2026 10:02 1 articles · 2h ago
ServiceNow applies security update to restrict hosted customer instance access
Mitigation Patch UpdateServiceNow applied a security update to hosted customer instances and changed endpoint configuration to limit access to authenticated users after identifying a security issue that could allow an unauthenticated user, in certain circumstances, to gain greater access than intended. The affected scope included customers on the Australia platform release and certain instances on releases prior to Australia with configuration changes.
Show sources
- ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances — thehackernews.com — 10.06.2026 10:02
-
10.06.2026 10:02 2 articles · 2h ago
ServiceNow warns of anomalous activity and successful queries in hosted customer instances
Initial DisclosureServiceNow said it detected anomalous activity tied to the security issue and observed evidence of successful queries of instance tables against a subset of customers. The company said impacted customers were notified, indicating unauthorized access beyond the intended level for susceptible hosted customer instances.
Show sources
- ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances — thehackernews.com — 10.06.2026 10:02
- ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances — thehackernews.com — 10.06.2026 10:02