Bottom line: ServiceNow patched a vulnerability that allowed attackers to gain access to customer instances without authentication.
ServiceNow has confirmed a security vulnerability that was exploited by unknown threat actors to gain unauthorized access to hosted customer instances. The company deployed a security update on June 5, 2026, to prevent unauthenticated exploitation of the vulnerability.
ServiceNow confirmed a security incident in which threat actors exploited a vulnerability to gain deeper, unauthorized access to vulnerable instances. As the company explained in a security advisory, a security update was released on June 5, 2026, for hosted customer instances.
The vulnerability allowed an unauthenticated user, under certain conditions, to gain unauthorized access. ServiceNow deployed the necessary patches on its hosted platforms to close the security gap. Customers operating ServiceNow on-premise will receive updates through established patch channels.
For CISO teams, it is critical to promptly identify affected systems and verify whether misuse has occurred. The unauthenticated nature of the access suggests that attackers could have compromised systems directly if they were internet-facing. ServiceNow recommended customers review their access logs for suspicious activity and conduct forensic analysis if necessary.
Source: thehackernews.com · Published June 10, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.