The Bottom Line: ServiceNow had to inform customers about an unauthenticated API vulnerability through which attackers were able to exfiltrate customer data.
ServiceNow is informing customers of a security vulnerability in an API that enabled attackers without authentication to access customer data. At least one cyber actor has already exploited the vulnerability.
A security vulnerability was discovered in ServiceNow’s API that allowed attackers to access customer data without authentication. The company is informing affected customers about the incident and confirms that at least one cyber actor has already used this vulnerability for data exfiltration.
For CISOs, this incident is a prompt to critically assess the risks of using third-party APIs. Missing authentication is a frequently underestimated attack vector in cloud environments. Affected organizations must verify which sensitive data was exposed through the affected API and whether it has already been compromised.
ServiceNow customers should review their access controls on the API and promptly implement the security updates and mitigation measures provided by the vendor. This requires a rapid inventory of API usage and a reassessment of data protection measures for critical records.
Source: www.golem.de · Published June 10, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.