On 18 November 2025, Cloudflare experienced a major network outage beginning at 11:20 UTC, affecting the delivery of core network traffic. Internet users attempting to access sites protected by Cloudflare were met with error pages indicating failures within the company's network. The incident was not caused by a cyberattack but stemmed from a change to the permissions of one of Cloudflare's database systems. This change caused a critical "feature file" used by the Bot Management system to double in size, exceeding the software's preconfigured limits and triggering widespread errors across the network.
Initially, Cloudflare suspected a hyper-scale DDoS attack, but the root cause was quickly identified as the oversized feature file. The company halted the propagation of the faulty file and replaced it with a previous, functional version. Core traffic largely returned to normal by 14:30 UTC, with full restoration of all systems achieved by 17:06 UTC. During the outage, increased load on various parts of the network caused temporary latency spikes and service disruptions across several products.
The outage affected multiple Cloudflare services, including its core CDN and security services, Turnstile, Workers KV, Access, and the Dashboard. HTTP 5xx errors were widespread, authentication failures occurred for Access users, and Turnstile login services were temporarily unavailable. Email Security experienced minor disruptions, mainly in spam detection, but with no critical impact. The incident also highlighted the vulnerability of the company's own status page, which coincidentally went offline during the outage, complicating initial diagnosis.
