ServiceNow discloses security incident exposing customer data

ServiceNow warned customers that attackers exploited an unauthenticated access flaw via a vulnerable API endpoint to query data from customer instances. The company applied a security update on June 5, 2026, limiting API access to authenticated users. Affected customers were notified through support cases.