ServiceNow API flaw let attackers access customer instance data
ServiceNow disclosed a security incident after attackers exploited an unauthenticated access flaw in the Scripted REST endpoint /api/now/related_list_edit/create to query data from multiple customer instances. The company said it detected anomalous activity tied to IP address 51.159.98.241, with suspicious access occurring on June 2 and 3, and confirmed successful exploitation. The issue appears to stem from a misconfigured resource with requires_authentication=false, causing requests to be processed as the Guest user; access-control enforcement may also have varied by tenant. Affected environments were reported to include customers on the Australia platform release and some older releases with specific configuration changes.

How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
ServiceNow attributes suspicious activity to security researchers
ServiceNow said the anomalous activity tied to the vulnerable API now appears to have come from bug bounty or customer security research rather than malicious attackers. It also disclosed that two researchers submitted a report on June 7 and said no data was used or retained.
ServiceNow applies security update and restricts API endpoint
On June 5, ServiceNow applied a security update to hosted customer instances and changed the affected API endpoint so it required authentication. The company also opened support cases with affected customers and advised them to review logs and assess possible exposure.
Attackers access multiple ServiceNow tenants via vulnerable API
On June 2 and 3, a suspicious foreign IP address, 51.159.98.241, accessed multiple tenants through the vulnerable /api/now/related_list_edit/create endpoint. ServiceNow later confirmed successful exploitation of an unauthenticated access flaw that allowed querying data from customer instances.
ServiceNow receives early external report of unauthenticated API flaw
ServiceNow said reports describing a flaw that could allow unauthenticated access to information in certain instances were first submitted on April 22. This predates the June bug bounty submissions and indicates the issue had been externally reported earlier.
ServiceNow internally documents unauthenticated API vulnerability
ServiceNow had internally documented the vulnerability affecting the /api/now/related_list_edit/create Scripted REST endpoint on April 7. The issue was reportedly tied to a misconfigured resource with requires_authentication set to false and was initially treated as non-urgent.
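The log review that ServiceNow advised affected customers to carry out can be sketched as a small triage script. This is an added example, not ServiceNow's or Mallory's tooling: the CSV layout, column names, sample rows and the `guest` label for unauthenticated sessions are assumptions, and only the endpoint and IP address come from the story.

```python
import csv
import io
from urllib.parse import urlsplit

ENDPOINT = "/api/now/related_list_edit/create"  # endpoint named in the story
REPORTED_IP = "51.159.98.241"                   # IP address named in the story
UNAUTH_USERS = {"guest", ""}  # assumption: how the export labels unauthenticated sessions

# Constructed sample rows; the column names and layout are assumptions, not
# ServiceNow's export format. The year is left out because the story gives none.
SAMPLE_LOG = """created,remote_ip,user,url,status
06-02 03:14:07,51.159.98.241,guest,/api/now/related_list_edit/create,200
06-02 03:14:09,51.159.98.241,guest,/api/now/related_list_edit/create?a=1,200
06-02 03:15:00,51.159.98.241,guest,/api/now/table/incident,401
06-03 11:02:40,198.51.100.7,guest,/API/now/related_list_edit/create/,200
06-04 09:30:00,10.0.0.5,jane.admin,/api/now/related_list_edit/create,200
06-06 08:00:00,203.0.113.9,guest,/api/now/related_list_edit/create,401
"""


def triage(log_text):
    """Return one finding per row that needs attention, most serious first."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        # Normalise so query strings, trailing slashes and case do not hide a hit.
        path = urlsplit(row["url"]).path.rstrip("/").lower()
        on_endpoint = path == ENDPOINT
        known_ip = row["remote_ip"].strip() == REPORTED_IP
        unauth = row["user"].strip().lower() in UNAUTH_USERS
        served = row["status"].strip().startswith("2")

        if on_endpoint and unauth and served:
            severity = "exposed"   # unauthenticated request was answered
        elif known_ip or (on_endpoint and unauth):
            severity = "review"    # reported source, or a rejected attempt
        else:
            continue               # authenticated use of the endpoint, or unrelated
        findings.append({"severity": severity, "created": row["created"],
                         "remote_ip": row["remote_ip"], "path": path})
    # Stable sort keeps log order within each severity.
    return sorted(findings, key=lambda f: f["severity"] != "exposed")


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["severity"], f["created"], f["remote_ip"], f["path"])
```

Matching on the endpoint and the unauthenticated user, not only on the reported IP address, also surfaces requests from other sources, such as the constructed 198.51.100.7 row.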


