Key Findings ServiceNow applied a security update on June 5, 2026 to address an unauthenticated access vulnerability affecting hosted customer instances The flaw allowed unauthorized users to gain elevated access to ServiceNow instances and query customer data Evidence shows successful data access occurred for a subset of customers between June 2-4, 2026 The vulnerability stems from an API endpoint configuration that did not require authentication Community reports allege Ser