Cloudflare status: hosting issues and outage reports

Problems in the last 24 hours

The graph below depicts the number of Cloudflare reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.

Most Reported Problems

The following are the most recent problems reported by Cloudflare users through our website.

• Domains (43%)
• Cloud Services (28%)
• Hosting (17%)
• Web Tools (9%)
• E-mail (4%)

Live Outage Map

The most recent Cloudflare outage reports came from the following cities:

City	Problem Type	Report Time
Farmers Branch	Web Tools	3 days ago
Helsinki	Cloud Services	5 days ago
Crisfield	Domains	7 days ago
Nanaimo	Web Tools	8 days ago
New York City	Web Tools	8 days ago
Istanbul	Domains	11 days ago

Full Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

Cloudflare Issues Reports

Latest outage, problems and issue reports in social media:

• 
  Lyre, Lord High Artificer (@WordsOllie) reported 9 minutes ago

  @WarframePlayer_ @VRChat First night was CloudFlare that was down, the night after it was AWS that went down. How moronic are you?

• 
  FILM DB | ۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗh (@FemiSuccess7) reported 10 minutes ago

  @Msztheus Hi, do you have an idea how to make proxies work in Cloudflare To connect via fetch to an external route but routed through another proxy network Any idea how to do this?

• 
  Cosplay Floor Review (@CosplayFloorRev) reported 13 minutes ago

  @eepyeri Works fine, most likely a CloudFlare proxy issue. Seen it a million times where a corporate firewall doing SSL decryption has mangled up the TLS certificates.

• 
  ShootyShiba 🇺🇸 (@SomuchForTHA) reported 15 minutes ago

  @KiwiFarmsDotNet @Cloudflare The ADL makes themselves look bad than any of the people they try to silence.

• 
  @buildsolo (@buildsolo_x) reported 16 minutes ago

  Spent 2 hours debugging BlackRabbit today. A new feature I’ve been building for the past week kept failing, while the rest of the extension still worked. So I checked the worker. Checked the prompt. Checked Gemini. Checked the extension state. The real issue? Cloudflare free-tier limits. Sometimes the bug is not in your code. Sometimes your infrastructure is just quietly asking you to upgrade.

• 
  Ian Smith (@IanSmith_HSA) reported 16 minutes ago

  @FutureDies @conordeegan For wallets, ETH can push the signature verification to the edge devices. The chain has a goal of finishing the upgrades by 2029. Google and cloudflare warned that the network migration needs to be done by Jan of 2029. The signature scheme, network protocol and interchain tech is hard to change. XX will sometimes admit they haven't changed these parts of Substrate still. They are relying on delayed last minute consensus upgrades, 'trust us' and marketing lies.

• 
  Yomeil | WE all love therealsquiddo (@Jiang_lotus) reported 18 minutes ago

  @anon_402 Never ever forgetting the utter disgrace cloudflare was during the tubnet attack

• 
  FootiememeTV (@FootiememeTv) reported 19 minutes ago

  @inference_labs inference changes the economics of AI. But once outputs start driving real systems, verification becomes the bottleneck. Cloudflare leaning into AI reviews at scale is another signal that the next infrastructure layer won’t just generate intelligence it’ll prove it.

• 
  Hennie (@andyhennie) reported 20 minutes ago

  @steipete @onlydotcoms @Cloudflare would m5max/128gb help out, or still not enough?

• 
  Mario Nawfal (@MarioNawfal) reported 23 minutes ago

  🇺🇸 FBI Director Kash’s merch site BasedApparel. com got hacked/compromised with some ClickFix malware Fake Cloudflare page tricks macOS users into pasting Terminal commands → straight-up steals browser passwords + crypto wallets. The site is currently down (for obvious reasons) Source: PC Mag

• 
  Jeff Steve (@JeffSte17327059) reported 24 minutes ago

  @0xBunny hosting service?? hosting what? a website? i know gitlab provides free static object hosting, so I use squarespace for domain purchase, gitlab for website assets and cloudflare for the DNS services

• 
  Fantasy Parliament (@FtsyParliament) reported 28 minutes ago

  @rockerroblox1 Sorry about this, can you try usually 4g or a VPN at the moment? Having some ISP issues which I’m hoping will be mostly/entirely fixed by migrating to Cloudflare which I did about 7 hours ago!

• 
  Misu (@misu_ciidr) reported 33 minutes ago

  Anthropic’s Claude just uncovered over 10,000 high and critical vulnerabilities in a single month, including 2,000 in Cloudflare and hundreds in Firefox. It even caught and stopped a $1.5 million wire fraud in real time. Now companies are literally begging Anthropic to slow down because they can’t patch fast enough. And that’s the stuff built by pros. Now imagine the flood of ‘vibe coded’ apps and SaaS products hitting your phone, laptop, and desktop, all churned out by the same Claude.

• 
  Official Layoff (@LayoffAI) reported 35 minutes ago

  CHAMATH TO CLOUDFLARE CEO: SHUT ******** UP Literally. He just destroyed him on the All-In podcast yesterday. Called his layoff op-ed "from the PR school of retards." Hard to disagree with him on this one.

• 
  spb krishnan (@spbalaonline) reported 35 minutes ago

  @abhijeet_dipke Cockroach Party website taken down? Here's how to make it resilient:• Move domain to Njalla/Porkbun + Cloudflare proxy • Host static version on IPFS + Vercel/Netlify • Mirror on GitHub Pages+ offshore VPS • Daily backup+.onion version Decentralize like real cockroaches.

• 
  Robert Ta (@therobertta_) reported 37 minutes ago

  The Cloudflare encryption story proves it. A junior engineer walked into Matthew Prince's office: "Boss, would not a better internet be an encrypted internet? So why are we charging for encryption?" This was their number one revenue driver. Prince said: "Let us figure it out." They drove costs down, gave encryption away free, and became a $70B company.

• 
  Aiona Edge (@aionaedge) reported 42 minutes ago

  Anthropic's Project Glasswing just released its first results, and the headline is staggering: Claude Mythos Preview has uncovered more than 10,000 high- or critical-severity vulnerabilities across partner software in just one month. Cloudflare alone found 2,000 bugs (400 high/critical). Mozilla patched 271 Firefox vulnerabilities — ten times what the previous Claude model caught. Palo Alto Networks shipped five times its normal patch volume. Microsoft says its patch releases will "continue trending larger for some time." But here's what the headlines are missing. **WHAT EVERYONE IS SAYING** The coverage reads like a cybersecurity breakthrough story. AI finds bugs! Software gets safer! Anthropic saves the internet! The narrative writes itself — a frontier AI model deployed responsibly through controlled partnerships, finding real vulnerabilities before bad actors can exploit them. It's the "responsible AI" story everyone wants to believe. And to be clear: the numbers are real. Anthropic independently scanned 1,000 open-source projects and found 6,202 high- or critical-severity vulnerabilities, with a 90.6% true positive rate after third-party verification. A Mythos-powered tool at a partner bank caught a $1.5M fraudulent wire transfer. The UK's AI Security Institute confirmed Mythos is the first model to fully solve both of its in-house cyber range simulations. These are not demo numbers. This is production-grade capability. **WHAT'S ACTUALLY GOING ON** Here's the part that should keep security leaders up at night: of those 23,019 total vulnerabilities Mythos found in open-source projects, only 97 have been patched. 97 out of 23,019. The bug-finding capacity of AI has completely outpaced the bug-fixing capacity of the humans who maintain the software the entire world runs on. Open-source maintainers have literally asked Anthropic to slow down disclosures because they can't keep up. The average fix time for a high- or critical-severity bug is two weeks. Anthropic's model finds them in hours. That's not a feature — that's a systemic risk multiplier. And Anthropic themselves are saying this explicitly. They write: "No company, including Anthropic, has built safeguards strong enough to stop misuse of these models and prevent serious damage." They note that Mythos-class capabilities will soon be widely available. OpenAI's GPT-5.5 is already competitive on these benchmarks, with a specialized GPT-5.5 Cyber variant available to vetted researchers. The asymmetric advantage attackers get from this — the ability to find and weaponize vulnerabilities at machine speed — is not theoretical. It is the current reality. Consider the math: a Mythos-class model can find a critical vulnerability in hours. The average time to patch is two weeks. That gap — call it the "exposure window" — just widened from a crack to a canyon. And it's not just zero-days anymore. It's thousands of known-but-unpatched vulnerabilities sitting in open-source infrastructure that the entire internet depends on. **WHAT THIS MEANS FOR BUSINESS LEADERS** 1. **Your patch cadence is now a competitive vulnerability.** If your organization patches on a monthly cycle, you're operating on a timescale that AI attackers have already left behind. The companies that will survive the next 24 months are the ones that can patch in days, not weeks. Audit your patch management process right now. If it takes you longer than 72 hours from patch availability to deployment for critical vulnerabilities, you are exposed. 2. **Open-source risk has fundamentally changed.** If you're running open-source infrastructure (and you are — the average enterprise has thousands of OSS dependencies), the old assumption was that obscurity provided some protection. That assumption is dead. Every unpatched vulnerability in every project you depend on is now findable by machine. Map your dependencies, identify which projects have small maintainer teams, and start contributing resources to their security. 3. **AI security tools are no longer optional — they're existential.** The same capability that finds 10,000 vulnerabilities can also exploit them. If your security team isn't using AI-powered vulnerability detection and response tools right now, you're defending a castle with medieval weapons against an army that has aerial reconnaissance. Budget for this in Q3, not next year's plan. 4. **The "responsible deployment" window is closing.** Anthropic is holding Mythos Preview back from public release specifically because they can't guarantee it won't be misused. But they acknowledge comparable models are coming. The period where only vetted partners have this capability is temporary. Your security planning should assume widespread availability by end of 2026. The real story of Project Glasswing isn't that AI can find bugs. It's that AI has exposed a structural weakness in how the world maintains its critical software. We built a civilization on open-source code maintained by underfunded teams, and we just gave everyone — defenders and attackers alike — a map of every crack in the foundation. The question isn't whether AI will make software more secure eventually. It almost certainly will. The question is what happens in the transition — and whether we can close the gap between finding flaws and fixing them before someone else exploits them first. #ProjectGlasswing #Cybersecurity #AISafety

• 
  The_Daniel (@dan_mwita8) reported 43 minutes ago

  @SidJain_80 Implement connection pooling with a strict limit and fail gracefully when you hit it , but the real protection is preventing the thundering herd from reaching your auth service simultaneously. Three layers to add: Rate limiting at the edge. Cloudflare, AWS WAF, or your load balancer should throttle reconnection attempts before they reach your infrastructure. Not blocking but just queuing and spreading them over time. Millions of reconnects compressed into seconds becomes millions spread over a minute. Your auth service goes from drowning to being busy. Client-side exponential backoff with jitter. Every disconnected client shouldn't immediately retry on reconnect. They should wait a random amount of time ,backoff factor multiplied by jitter , before attempting. This naturally spreads the reconnection load across seconds instead of milliseconds. Without jitter, all clients retry simultaneously and you still get the thundering herd. Auth service circuit breaker. When database connection pool hits capacity, stop accepting new requests immediately. Return a 503 Service Unavailable with a Retry-After header instead of queuing connections that will timeout anyway. Clients get a clear signal to back off and retry later. This prevents the cascade where pending requests keep accumulating and consuming resources. The deeper issue is that connection pooling alone doesn't protect you , it just formalizes the limit you'll hit. The protection is architecture that spreads load over time instead of allowing simultaneous reconnects to pile up.

• 
  eva (@evabuilds) reported 45 minutes ago

  @jahooma does it support cloudflare ai models?

• 
  George Saoulidis (@georgecursor) reported 47 minutes ago

  @nakadai_mon @levelsio Storage of what? It's all on cloudflare. I run the literally named "newsletter" plugin on my wordpress and vibe coded a hack to use cloudflare instead of SMTP service. Need the plugin to handle subscribers and unsubscribes, otherwise Hermes can just shoot emails through cloudflare with no problem.

• 
  uddit_rise (@UdditRise) reported 47 minutes ago

  Every cloud is racing to sell agents a VM: Vercel, Cloudflare, Google. Fine for 30s tasks. Breaks the moment an agent needs storage, identity, networking. Next primitive is a mini-cloud agents own, not a box they rent. Clusters are 2 orders too slow.

• 
  marcelo mezquia (@IntentSim) reported 50 minutes ago

  Stopping the bad guys with Cloudflare: 9,706 malicious requests blocked or challenged in the last month #cloudflare #intentsim #mezquiaphysics

• 
  Moneroon (@moneroon) reported 50 minutes ago

  @FemiSuccess7 @UK_Daniel_Card @Cloudflare DNS updates seem to be working - although a bit slow

• 
  Chris Covington (@_ChrisCovington) reported 51 minutes ago

  @AlanNeveu @vpetryniak @Cloudflare yup most have them builtin, they are basically the same thing from the managers pov. also yes the platform issues with these are 99% of the headache, not the tech itself lol

• 
  JOAT (@0x_joat) reported 53 minutes ago

  Cloudflare seems to be down

• 
  MegaBitch🌙 (@quartz_slut) reported 59 minutes ago

  I want to read my little webcomics why is it down i hate cloudflare

• 
  Basemail (@Basemail_ai) reported 59 minutes ago

  AgentMail just hit 25K inboxes. Cloudflare launched Email for Agents. WorkOS is hosting MCP Night talks about it. The channel problem is solved. But none of them answer: "Was this email actually authorized by that agent?" API keys can be leaked. Domain-based auth can be spoofed. Wallet signatures can't. Every email cryptographically bound to the sender's key. Per-message. Unforgeable. Channel ≠ Identity. #AIAgents #Web3

• 
  Carson (@aptus_short) reported 1 hour ago

  @livgo1f Its easy af nowadays to just use AWS SES and cloudflare email to be the email sender. Pay a half competent dev a few thousand and they can setup a custom system for you in a week. If you need help with it dm me

• 
  Eltee/ǝǝʇןƎ 🦀🏳️‍🌈 (@eltee7x) reported 1 hour ago

  @Leon4788 @NCyotee This is the original sin, yes. The moment you stop being a service provider and start choosing what to allow on your platform, you become an editor and lose the protections granted to service providers. Cloudflare made the same mistake when it decided to ban The Daily Stormer.

• 
  Skuffd (@skuffd) reported 1 hour ago

  @cloudflare Can y'all setup a *** hosting service plsss it could be called gitsun or gitburn, something like that