glide.attachment.extensions

... a role to explicitly allow adding attachments, then assign this role to the SOAP user. File type security You can control what file types users can attach by setting the glide.attachment.extensions and glide.security.file.mime_type.validation properties. For these properties to apply to the AttachmentCreator web service, the property glide.attachment.enforce_security_validation must be set to true. This property is true by default. Example SOAP Message ...

... ServiceNow IDE in the following topics. Instance requirements If an instance includes modified configurations for saving attachments, the following requirements must be met to perform Git operations: • If the glide.attachment.extensions system property is configured, it must contain txt,gitdata. • If the glide.security.attachment_type.use_blacklist system property is set to true, the glide.attachment.blacklisted.extensions system property must not contain txt,gitdata and the glide.attachment.blacklisted.types system ...

... should be restricted As MIME type verification depends on this property, it is recommended to mitigate against the vulnerabilities related to malicious file upload. Either update the value of the glide.attachment.extensions system property to the trusted file extensions OR insert this system property with a value of the trusted file extensions. Documentation sn_SE10199 1 Act Upload MIME Type To reduce vulnerabilities ...

... connection. To give users OData access, see the following instructions on the SAP help site: Back-End Server: Assign OData Service Authorization to Users . Enabling download of XML files The glide.attachment.extensions system property restricts the file types that can be downloaded. This property is empty by default. Check that the xml file extension hasn't been added to this property. For more ...

... information if you intend to separate data, processes, and administrative tasks. See Domain separation and Document Intelligence. Verify that file extensions required to support Document Intelligence are included in any glide.attachment.extensions system property customizations. The glide.attachment.extensions system property is empty by default. When customizing it, ensure that the following file extensions are included: • jpeg • jpg • png • pdf ...

... instance by default and can be viewed in the MID Server > SNMP MIBs module. Important: MIB files in a ServiceNow instance do not use a file extension. If the glide.attachment.extensions system property in your instance contains a list of file extensions permitted for import, MIB files do not load. To ensure that MIB files can load, add a temporary extension ...

... attachments, ensuring that files with HTML content can be included when necessary, while maintaining MIME type integrity. • Type: text/html • Default value: null • Location: System Properties [sys_properties] table glide.attachment.extensions Comma-separated list of file extensions that can be attached. No value means that there are no restrictions. © 2026 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, and ...

... score: Medium • Security risk details: MIME type validation for file attachments doesn't take place in multi-extension processing or when null bytes are present. This allows attackers to circumvent the glide.attachment.extensions and glide.security.file.mime_type.validation system properties through null-byte injection, multi- extension file names and polyglot files, leading to malicious file uploads. © 2026 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, ...

... must be set to activate MIME type checking for uploads (All version Eureka and up). Enables (true) or disables (false) mime type validation for file attachments. File extensions configured via glide.attachment.extensions will be checked for MIME type during upload. and activate the property by checking Yes. © 2026 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, and other ServiceNow ...

... this option if you have a large number of Microsoft Intune devices. Note: ▪The admin role is required to configure advanced data sources. ▪To enable the creation of attachments, the glide.attachment.extensions system property must be set to either null or zip, json. For more information, see the Service Graph Connector For Microsoft Intune – Advanced [KB1641546] article in the Now Support ...