ServiceNow Flaw Exploited by Threat Actors to Access Customer Instances
ID: 9870fa74-d497-55ce-9eba-25a4bd3d51ad
STIX ID: report--9870fa74-d497-55ce-9eba-25a4bd3d51ad
Feed Name: The Cyber Express
A ServiceNow security flaw that could let unauthenticated users obtain greater-than-intended access was exploited beginning June 2, 2026, enabling threat actors to query tables in a limited set of customer instances (mainly on the Australia platform release or certain older configurations). ServiceNow applied an emergency configuration change and security update on June 5, 2026, notified affected customers, and confirmed reports to bug bounty programs before public discussion surfaced on Reddit; the company did not assign a CVE or disclose actor identities or the full scope of data accessed.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
