ServiceNow disclosed a vulnerability that permitted unauthenticated users to access customer instances, with the vendor applying patches to hosted environments on 5 June 2026 and subsequently notifying affected customers. The flaw affected customers on the Australia platform release or those who had made specific configuration changes to earlier releases. ServiceNow detected suspicious activity—confirmed queries of instance tables—and attributed this to security researchers or customers conducting their own investigations, though the company acknowledged its investigation remained ongoing. The incident exposed a critical gap in vendor transparency: affected customers took to Reddit to express frustration over insufficient technical details needed to validate their own security posture and inform internal risk assessments. This disclosure reflects a systemic problem in how enterprise software vendors communicate security incidents to teams who depend on their platforms for operational continuity.
The timing and nature of this incident underscore a fundamental tension now reshaping CX operations. Platforms like ServiceNow function as operational backbones for support teams managing tickets, automations, and customer data flows—meaning security failures at this layer become customer trust failures. As AI-driven workflow systems, automation layers and agentic tools embed deeper into customer experience infrastructure, the attack surface expands whilst exploitation timelines compress. Red Hat's Vincent Danen has warned that vulnerability patching cycles are becoming "more urgent and more difficult" as AI-enabled infrastructure complexity accelerates attack sophistication. For CX teams already running AI-assisted ticketing, workflow automation or agentic systems, this raises an uncomfortable question: how quickly can your organisation actually patch critical vulnerabilities before attackers exploit them, and does your vendor's disclosure process give you the visibility needed to act?
The ServiceNow incident sits within a broader pattern of authentication and data exposure flaws across enterprise software vendors—a reality driven partly by the inherent complexity of modern cloud platforms, whose APIs, integrations, customer-specific configurations and automation layers all operate simultaneously. This complexity creates operational fragility that vendors struggle to manage whilst also delivering the faster deployments, broader integrations and automation that CX teams demand. The result is a precarious equilibrium where security and feature velocity compete for the same product roadmap. For CX professionals, this means treating vendor security posture as a material operational risk, not a compliance checkbox—particularly as your teams increasingly depend on these platforms to orchestrate customer interactions at scale.
ServiceNow has disclosed a security vulnerability that allowed unauthenticated users to gain access to customer systems. The enterprise software company said it applied a security update to hosted customer environments on June 5 and contacted those affected. A spokesperson told CX Today: “ServiceNow