Yesterday's major internet outage demonstrated just how heavily modern services depend on Cloudflare. Many websites were completely offline, while others were barely accessible. This affected well-known platforms as well as countless smaller services. Initially, it appeared to be a massive cyberattack, but it later turned out that the cause was an internal error at Cloudflare.
Cloudflare is a central provider of CDN and security features. Whenever Cloudflare experiences problems, many apps and websites become unstable. This is exactly what happened yesterday. Even X, formerly Twitter, was unable to load new posts or update timelines. The outages occurred worldwide and followed a recurring pattern, which initially made the situation even more confusing.
Why Cloudflare initially considered an attack
The connections dropped for about five minutes at a time, recovered briefly, and then dropped again. This pattern strongly resembled a hyperscale DDoS attack. In such attacks, enormous amounts of artificial requests flood the systems, making it nearly impossible for regular traffic to get through. For Cloudflare, this was a plausible explanation, since a technical error typically doesn't stabilize itself within short intervals.
The outage of the company's own status page also seemed to confirm this suspicion. The page is hosted independently of Cloudflare and is not dependent on the company's infrastructure. The fact that it was nevertheless temporarily unavailable appeared to be further evidence of a targeted attack. However, it later turned out to be pure coincidence.
The actual cause lay with Cloudflare.
After the initial suspicion was ruled out, it turned out that a bug in a software update had triggered the entire outage. A file used by the bot management system became much larger than intended due to an incorrect permission change. Specifically, a database system, due to the incorrect permissions, output multiple entries to this so-called feature file, which consequently doubled in size.
This file is regularly distributed across the entire Cloudflare network to keep systems up-to-date with the latest threat landscape. However, the software that manages network traffic has a fixed size limit for this file. Once the oversized version was deployed, the software crashed, crippling large portions of internet traffic.
The five-minute interval also had a logical explanation. The file was regenerated every five minutes. The query for this ran on a ClickHouse cluster, which was updated incrementally to reorganize permissions. Incorrect data always occurred when the query ran on a cluster segment that had already been modified. This resulted in a five-minute cycle of working and corrupted configuration files, causing the recurring outage.
Cloudflare later described the incident as deeply painful. The company emphasized the importance of reliability in the internet ecosystem and stated that an outage of this kind was unacceptable. In its official statement , it acknowledged that the error had significantly impacted many users and services.
Cloudflare: How a small error is shaking global systems
The incident demonstrates how sensitive global infrastructures are when critical services like Cloudflare fail. A single permissions error, combined with a software update, was enough to disrupt large parts of the internet worldwide. The detailed analysis highlights the complexity of internal processes and the far-reaching consequences of even minor changes. Cloudflare has openly acknowledged its error and announced plans to implement measures to prevent such disruptions from recurring. (Image: Shutterstock / metamorworks)
- Gemini 3 sets new AI standards & changes Google's products
- WhatsApp is finally testing two accounts on a single iPhone
- Apple releases new firmware for key accessories
- WhatsApp vulnerability remained unprotected for eight years
- How Apple is creating new titanium components using 3D printing
- Apple releases the major podcast charts for 2025
- The iPhone 17 lifts Apple to its strongest level in China in years.
- Apple loses another key designer amidst ongoing changes
- F1 The Movie: How realistic is a sequel really?
- Apple wins long-running dispute over iPhone camera patents
- iOS 26.2 Beta 3: An overview of the most exciting new features
- iOS 26.2 opens iPhones in Japan to alternative assistants
- iPadOS 26.2 significantly improves Slide Over and Split View
- Apple lays the foundation for open assistant switching in iOS 26.2
- iOS 26.2 introduces 30 days of AirDrop access via codes.
- Apple emphasizes the strength of Apple Silicon on its anniversary
- Apple releases iOS 26.2 Beta 3: New testing phase underway
- Tim Cook could change roles instead of leaving Apple entirely.
- Apple expands Sneaky Sasquatch with a new sticker pack
- Tim Cook in focus: Apple tests market reaction to CEO change
- Apple must pay $634 million in the Masimo patent dispute.
- The iPhone 17 brings a noticeable recovery to Apple's China business.
- Apple COO Jeff Williams is now officially retired.
