ServiceNow fixes API issue after reports of suspicious tenant activity
Summary
ServiceNow discovered and fixed a vulnerability in an unauthenticated API endpoint (a web interface that programs use to request data) that could have exposed customer data without requiring a login. The flaw affected specific ServiceNow instances and was initially reported through a bug bounty program in April, with security updates released to customers in June.
Solution / Mitigation
ServiceNow issued a security update (KB3067321) on June 5 for hosted customers and provided guidance (KB3067372) for self-hosted deployments. Additionally, customers were advised to audit their own Scripted REST API table and review any resources where the "requires_authentication" setting is unchecked, particularly those unchanged since before 2022.
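The audit described above can be scripted against an export of the Scripted REST resource records. This is an added example, not ServiceNow tooling or code from the original article. It assumes a JSON export in which each record carries `name`, `operation_uri`, `requires_authentication` and `sys_updated_on`; the export layout and every sample record are constructed for illustration.

```python
import json
from datetime import datetime

CUTOFF = datetime(2022, 1, 1)  # guidance singles out resources unchanged since before 2022

# Constructed sample export (not real data). Field names other than
# requires_authentication are assumptions about the export layout.
SAMPLE_EXPORT = json.dumps({"result": [
    {"name": "legacy_lookup", "operation_uri": "/api/x_example/legacy/lookup",
     "requires_authentication": "false", "sys_updated_on": "2019-03-14 08:21:05"},
    {"name": "status_ping", "operation_uri": "/api/x_example/status",
     "requires_authentication": "false", "sys_updated_on": "2025-11-02 10:00:00"},
    {"name": "ticket_sync", "operation_uri": "/api/x_example/sync",
     "requires_authentication": "true", "sys_updated_on": "2018-01-09 12:30:00"},
    {"name": "old_import", "operation_uri": "/api/x_example/import",
     "requires_authentication": False, "sys_updated_on": ""},
]})


def as_bool(value):
    """Exports may carry booleans natively or as 'true'/'false'/'1'/'0' strings."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in ("true", "1")


def last_updated(rec):
    """Parse the update timestamp; None when it is missing or malformed."""
    try:
        return datetime.strptime(rec.get("sys_updated_on", ""), "%Y-%m-%d %H:%M:%S")
    except (TypeError, ValueError):
        return None


def audit(export_text, cutoff=CUTOFF):
    """Return (priority, name, uri) for each resource that does not require auth."""
    findings = []
    for rec in json.loads(export_text).get("result", []):
        # A missing field is treated as unauthenticated so it still gets reviewed.
        if as_bool(rec.get("requires_authentication", False)):
            continue
        updated = last_updated(rec)
        # Unknown age is treated like an old record so it is not overlooked.
        stale = updated is None or updated < cutoff
        findings.append(("high" if stale else "review",
                         rec.get("name", "?"), rec.get("operation_uri", "?")))
    return sorted(findings)  # "high" sorts before "review"


if __name__ == "__main__":
    for priority, name, uri in audit(SAMPLE_EXPORT):
        print(f"{priority:6} {name:15} {uri}")
```

Records marked `high` are unauthenticated and either last updated before 2022 or of unknown age; `review` marks unauthenticated resources changed more recently, which still need an owner to confirm the exposure is intended.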
Classification
Original source: https://www.csoonline.com/article/4184082/servicenow-fixes-api-issue-after-reports-of-suspicious-tenant-activity.html
First tracked: June 11, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 95%