// School PathwaysMEDIUM
ServiceNow patched an unauthenticated API vulnerability on June 5, 2026 that allowed unauthorized access to customer instances under certain configurations. The vulnerability, first reported in April, permitted unauthenticated users to gain elevated access to susceptible instances. ServiceNow's investigation identified activity beginning June 2 on a subset of customer instances, later attributed to security researchers conducting bug bounty submissions rather than malicious actors. No data exfiltration was confirmed.
- ServiceNow Patches Vulnerability Exploited Against Some Customer(opens in a new tab)
- ServiceNow Flaw Exploited to Gain Unauthorized Access to Custome(opens in a new tab)
- ServiceNow says security researchers, not hackers, accessed data(opens in a new tab)
// Get alerts for School Pathways