top of page
ALL POSTS
ServiceNow Security Incident Exposes Customer Data and Unauthorized Access
Key Findings ServiceNow applied a security update on June 5, 2026 to address an unauthenticated access vulnerability affecting hosted customer instances The flaw allowed unauthorized users to gain elevated access to ServiceNow instances and query customer data Evidence shows successful data access occurred for a subset of customers between June 2-4, 2026 The vulnerability stems from an API endpoint configuration that did not require authentication Community reports allege Ser
Jun 103 min read
CVE-2025-12420: Critical ServiceNow Flaw Enables Unauthenticated Impersonation
Key Findings A critical vulnerability (CVE-2025-12420) has been discovered in the ServiceNow AI Platform, allowing unauthenticated attackers to impersonate legitimate users. The vulnerability has a severity score of 9.3 out of 10 and poses a significant risk of privilege escalation. ServiceNow has released security updates to address the flaw, but self-hosted customers and partners need to take immediate action. Background The vulnerability, dubbed CVE-2025-12420, is a failur
Jan 132 min read
bottom of page
