ServiceNow API flaw exploited by attackers

ServiceNow fixed an API flaw on June 5, 2026, that let unauthenticated attackers query customer instance tables. The issue mainly affected customers on the Australia release or older versions with custom configurations. Admins are urged to review logs for /api/now/related_list_edit requests, especially from IP 51.159.98.241.