On 18 November 2025, Cloudflare — one of the most critical internet infrastructure companies — suffered a major global outage. The disruption was widespread and impacted a number of high-profile web services, triggering 5xx errors and making large parts of the web temporarily unreachable.
Table of Contents
⚙️ What Caused the Outage
According to Cloudflare’s own post-mortem, the outage was not due to a cyberattack. Instead, they traced the issue back to a bug in their Bot Management system. Here’s the sequence of failures:
- A configuration change in one of Cloudflare’s internal databases caused duplicated entries in a “feature file” used by its bot-scoring engine. (The Cloudflare Blog)
- This file doubled in size, exceeding the software limit, which caused the routing software on many of Cloudflare’s nodes to crash. (The Cloudflare Blog)
- As the faulty file propagated to machines across Cloudflare’s global network, the core proxy system began failing — leading to HTTP 5xx errors for many customers. (The Cloudflare Blog)
- In the fallout, several downstream systems — such as Workers KV, Access, and Cloudflare’s Dashboard — also saw elevated error rates or complete failures. (The Cloudflare Blog)
- Cloudflare engineers rolled back to a previous version of the feature file, and by 14:30 UTC, most core traffic began flowing again. Full recovery was achieved by 17:06 UTC. (The Cloudflare Blog)
🌍 Which Services Were Impacted
This outage had a surprisingly large blast radius. Some of the most prominent services and platforms that saw disruption included:
- ChatGPT (OpenAI) (AP News)
- X (formerly Twitter) (Financial Times)
- Spotify (NDTV Profit)
- Canva (Financial Times)
- Uber (The Washington Post)
- PayPal (NDTV Profit)
- Coinbase and other crypto platforms like Kraken, Aave, Etherscan, DeFiLlama
- League of Legends (gaming) (AP News)
- New Jersey Transit (NJ Transit) – parts of their digital services were offline. (New York Post)
- SNCF (France’s national railway) was also reported impacted. (AP News)
- Moody’s credit rating services saw internal server errors. (AP News)
- Perplexity, Letterboxd, Genshin Impact, Honkai: Star Rail and Anthropic Claude AI were also among affected sites. (NDTV Profit)
- Obsidian (MD): the app’s sync service was disrupted. (Reddit)
💡 Impact & Significance
- Wide-reaching disruption: Because Cloudflare serves as a critical CDN (Content Delivery Network) and security layer for a large portion of the Internet, its outage rippled across industries — from AI to gaming, finance to public transport. (SFA (Oxford))
- Not a cyberattack: Cloudflare clarified that this wasn’t caused by malicious activity. (The Cloudflare Blog)
- Resilience concern: The incident highlights how even foundational Internet infrastructure isn’t immune to configuration or software bugs. (thousandeyes.com)
- Recovery and mitigation: Cloudflare’s team fixed the issue by rolling back the configuration file and then gradually restoring full functionality. (The Cloudflare Blog)
- Lessons learned: Cloudflare pledged to improve safeguards — including better validation before propagating config files, more kill switches, and reviewing failure modes. (The Cloudflare Blog)
Final Thoughts!
This outage serves as a strong reminder: many of the digital services we rely on every day are interconnected in fragile ways. When a critical infrastructure provider like Cloudflare stumbles, the effects can cascade across the internet, affecting major platforms and millions of users.
While Cloudflare did manage to resolve the issue in a few hours, the incident underscores the importance of redundancy, testing, and robust error-handling. For businesses, it’s also a prompt to evaluate how much they depend on third-party infrastructure providers, and what fallback strategies they have in place.
Read The Cloudflare Blog for more details.
