Select Language:
Cloudflare reported that a recent internal configuration adjustment, made in response to a newly disclosed React security vulnerability, temporarily rendered its network inaccessible for several minutes on Friday. The company emphasized that this outage was not caused by a cyberattack.
Headquartered in the United States, Cloudflare is a global web infrastructure and security provider that manages a vast content delivery network (CDN) and Domain Name System (DNS) services. It plays a key role in ensuring websites and applications load quickly and remain operational by shielding them from traffic spikes and malicious attacks.
On Twitter (now X), Cloudflare’s Chief Technology Officer, Dane Knecht, stated that the company was aware of the network disruption. He clarified that the root cause was the disabling of certain logging features to address a React Server Components vulnerability, rather than any malicious activity.
Knecht announced that full details would be provided in a blog post scheduled for the same day and confirmed that most sites were back online. He acknowledged the inconvenience caused and assured customers that ongoing efforts were underway to resolve the issues. The company’s incident report later confirmed that the problem was fixed, noting that a specific change to the Web Application Firewall (WAF) request parsing caused the temporary outage.
Initial reports on Cloudflare’s status page indicated problems beginning around 8:56 UTC, with investigations into issues affecting the Cloudflare Dashboard and related APIs. Customers experienced request failures and error messages. The company continued to investigate, updated the status multiple times, and eventually announced the resolution by 9:20 UTC.
This incident follows a previous outage in November, when an auto-generated configuration file grew excessively large and crashed traffic management systems, briefly cutting off thousands of users from platforms such as X, ChatGPT, Canva, and Grindr. Cloudflare clarified then that the incident was not attributed to malicious activity and deployed a fix to restore service.
Cloudflare remains monitored by the company, which has promised to publish a comprehensive technical explanation soon.
ChatGPT
Perplexity
Gemini AI
Grok AI
