ServiceNow fixes bug that exposed customer data to unauthorized access
ServiceNow patched a flaw on June 5 that let unauthorized users reach more hosted data than intended, then notified affected customers through support cases.

A security bug in ServiceNow’s hosted customer instances exposed a costly failure mode for enterprises that rely on the platform to run internal work: unauthorized users could, in certain circumstances, reach more data than intended. ServiceNow said it applied a security update on June 5 after seeing anomalous activity and evidence of successful queries of instance tables affecting a subset of customers.
The issue hit customers on the Australia platform release and older releases who had made certain configuration changes. ServiceNow has not said how many customers were affected, what specific data was accessed or taken, or how long the flaw remained exposed. For organizations that use ServiceNow to route business requests and store operational records, that leaves a gap in understanding whether internal workflow data, employee information or customer case material may have been exposed.

Impacted customers were notified through support cases, but the company has still not disclosed the full scope of the intrusion risk. The flaw did not have a CVE identifier at the time of reporting, even as ServiceNow’s public advisory page listed a string of recent vulnerabilities, including CVE-2026-0542, CVE-2025-12420, CVE-2025-11449, CVE-2025-11450, CVE-2025-3089, CVE-2025-3648 and CVE-2025-0337.
Outside the company’s direct statement, some public discussion suggested the problem may have been visible earlier, with one claim that ServiceNow could have known about it since April 7, 2026. That assertion has not been independently confirmed by ServiceNow. Network defenders also shared 51.159.98.241 as a possible indicator of compromise in logs, adding another thread for customers to check against their own telemetry.
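One way to run that telemetry check, as an added example that is not part of the original article or any ServiceNow tooling: it parses addresses out of each log line instead of substring-matching, so near-miss addresses are not flagged and port-suffixed or IPv4-mapped forms are not missed. The log lines and their format are constructed for illustration (not ServiceNow's log schema), and the function names are hypothetical.

```python
import ipaddress
import re

# Indicator quoted in the article; it was shared as "possible", so hits need triage.
IOC = ipaddress.ip_address("51.159.98.241")

# Runs of characters that can make up an IPv4/IPv6 literal (plus an optional :port).
TOKEN = re.compile(r"[0-9A-Fa-f:.]+")

def addresses(line):
    """Yield every IP address literally present in a log line."""
    for tok in TOKEN.findall(line):
        bare = tok.strip(".:")  # drop sentence punctuation and stray separators
        for cand in (tok, bare, bare.rsplit(":", 1)[0]):  # last form drops :port
            try:
                ip = ipaddress.ip_address(cand)
            except ValueError:
                continue
            # Unwrap ::ffff:a.b.c.d so a dual-stack proxy does not hide the hit.
            yield getattr(ip, "ipv4_mapped", None) or ip
            break

def scan(lines, ioc=IOC):
    """Return (line_number, line) for each line that contains the indicator."""
    return [(n, l.rstrip("\n")) for n, l in enumerate(lines, 1) if ioc in addresses(l)]

# Constructed sample lines (assumed generic access-log layout).
SAMPLE = [
    '2026-06-04T23:10:02Z src=203.0.113.7 GET /example 200',
    '2026-06-04T23:10:05Z src=51.159.98.241:51234 GET /example 200',
    '2026-06-04T23:11:40Z src=198.51.100.20 xff="151.159.98.241, 198.51.100.20" GET /example 200',
    '2026-06-04T23:12:13Z src=[::ffff:51.159.98.241]:443 GET /example 200',
    '2026-06-04T23:12:59Z src=198.51.100.20 xff="51.159.98.241, 198.51.100.20" GET /example 403',
    '2026-06-04T23:13:30Z src=51.159.98.24 GET /example 200',
]

if __name__ == "__main__":
    for number, line in scan(SAMPLE):
        print(f"line {number}: {line}")
    # A plain substring search would also flag line 3 (151.159.98.241).
    naive = [n for n, l in enumerate(SAMPLE, 1) if str(IOC) in l]
    print("substring-only hits:", naive)
```

A hit only shows that the address appears in the record; which field it came from (direct peer versus a client-supplied forwarding header) still has to be judged per log source.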
The episode underscores a broader risk for major organizations that depend on trusted third-party software to hold sensitive data and automate core processes. ServiceNow says security is a collaborative effort with customers, but the June 5 patch shows how quickly a configuration-sensitive bug can turn into a data-access problem, and how much enterprise customers still depend on vendors to disclose scope, exposure time and impact before they can judge the damage.
This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under.


