logo

ServiceNow Unauthenticated Access Incident (Incident)

ID: d55e774c-3bae-558c-9143-f2199b2d673e

STIX ID: report--d55e774c-3bae-558c-9143-f2199b2d673e

Feed Name: Wiz Cloud Threat Landscape

Threat Score
78/100

Date Published: 2026-06-09

Date Updated: 2026-07-02

Author: [email protected] (Wiz Threat Research)

...
...

ServiceNow customers experienced unauthenticated access via a Scripted REST Resource endpoint (`/api/now/related_list_edit/create`) reportedly configured with `requires_authentication = false`. Security researchers and affected customers observed requests from IP `51.159.98.241` and successful table queries in some Australia-release or pre-release-configured instances, potentially exposing customer data; the full scope of exposure remains limitedly known.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.