Cloudflare status: hosting issues and outage reports

Problems in the last 24 hours

The graph below depicts the number of Cloudflare reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.

Most Reported Problems

The following are the most recent problems reported by Cloudflare users through our website.

• Domains (41%)
• Cloud Services (26%)
• Hosting (17%)
• Web Tools (11%)
• E-mail (4%)

Live Outage Map

The most recent Cloudflare outage reports came from the following cities:

City	Problem Type	Report Time
Noida	Hosting	7 days ago
Jewar	E-mail	7 days ago
Braga	Web Tools	7 days ago
Noida	Cloud Services	8 days ago
Paris	Cloud Services	8 days ago
Prievidza	Domains	9 days ago

Full Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

Cloudflare Issues Reports

Latest outage, problems and issue reports in social media:

• 
  Letra (@letra_ng) reported 4 minutes ago

  Hi guys, I'm the lead dev @shopnowngg and I have been shipping non-stop. This is a full ecommerce application built from scratch. Tech-stack: 1. Frontend React 19, Tailwindcss v4, lucide react for icons, Motion(formerly framer Motion) for animations 2. Backend & Serveless API Hono V4, Cloudflare workers, Zod, JWT for security and Auth, D1 Database (cloudflare D1) 3. Tooling & Environment Vite V6 for build system, Typescript, wrangler for local dev server. 4. Hosting Cloudflare's global edge network Ask me any questions about the setup.

• 
  Gordus (@medicgordus) reported 6 minutes ago

  @CloudflareDev @xai @Cloudflare I absolutely love cloudflare. I also love grok. I will be trying this. Note: Grok has never recommended any cloudflare products, but as I am familiar with cloudflare, I have it implement R2, D1, etc. into my solutions. Maybe I will make a guide?

• 
  Logan Thorneloe (@loganthorneloe) reported 8 minutes ago

  @aarondfrancis @browserbase @Cloudflare That is the worst government website

• 
  Matt 'TK' Taylor (@MattieTK) reported 10 minutes ago

  I've written a Cloudflare-First issue tracker for agents and dogfooding building it with Claude Code (Claude writes issues to it to improve how it can write issues to it) and this feels like the Product Manager equivalent of working on your esoteric Pi configs.

• 
  GoCocoaAI (@GoCocoaAI) reported 11 minutes ago

  Thousands of legitimate sites hijacked to run ClickFix and FakeUpdate against every visitor BLUF: A critical unauthenticated SQL injection in Ghost CMS handed attackers admin keys to 700+ websites. Visitors to those sites are now being served fake Cloudflare CAPTCHAs and fake browser update prompts designed to trick them into running attacker-supplied PowerShell. The site owner's involvement ended at the moment of compromise. 1. The root: CVE-2026-26980, Ghost CMS Ghost CMS versions 3. 24. 0 through 6. 19. 0 carry a CVSS 9. 4 unauthenticated SQL injection (CWE-89). The CVSS vector is the detail that matters — AV:N/AC:L/PR:N/UI:N. One crafted request, no credentials, no complexity, admin API key extracted from the database. Attackers then inject malicious JavaScript directly into article templates. Every published page on that installation now serves attacker-controlled content to every subsequent visitor. XLab telemetry pinned the active campaign to May 7, 2026. Patched version is 6. 19. 1. 2. The delivery: ClickFix and FakeUpdate at industrial scale Phase one is silent and server-side. Phase two lands on the visitor. Compromised sites serve either a fake Cloudflare "verify you are human" CAPTCHA (ClickFix) or a fake browser update prompt (FakeUpdate). Both techniques pressure the visitor into opening PowerShell or the Run dialog and pasting attacker-supplied commands. Observed downstream payloads across prior ClickFix campaigns include credential stealers, RATs, and ransomware dropper stages. The education and tech sector concentration in this campaign is not accidental — Ghost CMS is heavily adopted in developer blogs, university publications, and tech media. A compromised developer workstation is a pivot to CI/CD pipelines, cloud credentials, and code signing infrastructure. 3. KEV status and model lag CVE-2026-26980 is not yet on the CISA KEV list. That is a timing gap, not an editorial judgment — it meets every criterion. Expect a listing within days. Automated scoring models that show no active exploitation signal are running behind field reporting from XLab and Malwarebytes. Treat verified field reporting as ground truth here. Operator take: If you run Ghost CMS between 3. 24. 0 and 6. 19. 0, treat your admin API key as compromised. Patch to 6. 19. 1, rotate the key, audit every theme and template file for injected script tags, and check your CDN cache for poisoned content. On the endpoint side, ClickFix and FakeUpdate succeed by abusing Cloudflare and browser brand trust — no legitimate verification page asks a user to open PowerShell. Block PowerShell execution from browser-spawned processes at the EDR policy layer. The quiet work now is cheaper than the loud paperwork later.

• 
  The Bearded Dev (@BeardWhoCodes) reported 12 minutes ago

  @theo @NoamTenne @Cloudflare Only problem I'm having right now which support hasn't been able to get to the bottom of, is how to re-enable ssl on a domain that had universal ssl disabled. Basically impossible... don't accidentally click that button.

• 
  Saeed Anwar (@saen_dev) reported 15 minutes ago

  Cloudflare tunnels for mobile dev testing is genuinely underrated — it removes the whole "how do I hit localhost from my phone" headache. Once you set this up once you never go back to emulator-only testing.

• 
  Satoshi Nakamoto, Andrew Rulnick (@MickeySteamboat) reported 21 minutes ago

  @beffjezos If America owned 5% of DESIGNA and I had say $30M in the bank to grow, that would be a fair exchange and I could probably open source and give it to all 50 states to use but NOPE instead they would rather use ****** companies who burn down the internet like Cloudflare

• 
  Babak (@TheUnicornist) reported 22 minutes ago

  @jamesqquick ok. I was waiting for you to say cloudflare any moment but that moment never came

• 
  Jon Ezell (@Jonezell_) reported 23 minutes ago

  Looks like there may be a related @Cloudflare outage causing it Not a good day for our product release 😰

• 
  Nicholas Griffin (@ngriffin_uk) reported 26 minutes ago

  @trashh_dev @GoDaddy they’re terrible at this. move off as soon as you get back in. my suggestion would be cloudflare domains.

• 
  Ivan_Qtech (@ivanjovic) reported 30 minutes ago

  @cursor_ai But where do i runt this agent i đanaged to install it through the github action but i think that is wrong becuse it runs from the stsrt each time. Can i somehow use it throguh cloudflare containers? @grok please help?

• 
  Kip (@mystwerks) reported 30 minutes ago

  @Jaycutlerblow22 @BogOnMyDog DDOS's are really hard to mitigate and even cloudflare has been taken down by them, its not like this **** is just a 'throw more money at it and its solved' issue, isps have to do lots of work to try to start fixing it

• 
  Fallon Martin (@fallawanna2) reported 31 minutes ago

  @xai @Cloudflare Womens bodies are not up for free use for existing online nor off and the sooner you pathetic perverts grow ******** up and realize that the better

• 
  Paulie Esther 🔜 DBD MTL🇨🇦 (@PaulieEsther1) reported 33 minutes ago

  @GreenleafT53813 i heard cloudflare is down

• 
  DFIR Radar (@DFIR_Radar) reported 40 minutes ago

  New Gafgyt variant C0XMO exploits DD-WRT routers via CVE-2021-27137, features modular Python-based lateral movement and targets multiple Linux architectures. Advanced botnet shows operational evolution. Technical breakdown: • Exploits stack buffer overflow in DD-WRT UPnP service via malformed SSDP M-SEARCH requests on UDP 1900 • Multi-stage persistence: copies to /tmp/.sys, /var/tmp/.sys, /dev/shm/.sys with cron jobs every 15 minutes • Separates scanning into standalone Python script using paramiko, requests, beautifulsoup4 packages • C2 handshake uses magic string 669787761736865726500 + shared secret to 85[.]215[.]131[.]70 • Supports 19 DDoS attack methods including UDP bypass, TCP floods, NTP amplification, Cloudflare bypass Attack chain: • Initial access via CVE-2021-27137 buffer overflow targeting Japanese 🇯🇵 tech firm from Germany 🇩🇪 • Downloads architecture-specific binaries (ARM, MIPS, x86_64, PowerPC) to /tmp/.cache • Python scanner targets Telnet/SSH weak credentials + HTTP exploits (GLPI, AVTECH, Zyxel) • Terminates competing botnets and removes rival persistence mechanisms Hunt for hidden executables in /tmp/.sys, /var/tmp/.sys with 755 permissions and outbound connections to 85[.]215[.]131[.]70 or 217[.]160[.]125[.]125:15527. #DFIR_Radar

• 
  * Sharron Idol * (@Shazzalive) reported 43 minutes ago

  Stopping the bad guys with Cloudflare: 8,584 malicious requests blocked or challenged in the last month #cloudflare

• 
  𝙵𝚛𝚎𝚎 𝙶𝚘𝚗𝚊𝚍 (@stronkly_typed) reported 46 minutes ago

  @KuptoKosmos @Cloudflare wtf is this, be a serious company for once please

• 
  Upwind Security MDR (@UpwindMDR) reported 48 minutes ago

  🚨HTTP/2 Bomb DoS Vulnerability Impacts NGINX, Apache, IIS, Envoy & Cloudflare Researchers disclosed "HTTP/2 Bomb", a denial-of-service technique that abuses HTTP/2 header compression (HPACK) and flow-control mechanisms to trigger massive memory exhaustion. A single client can reportedly consume tens of gigabytes of server memory and render affected services unavailable. 👉 Affected: Default HTTP/2 configurations in NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora ✅ Fixes: • NGINX: Upgrade to 1.29.8+ • Apache HTTPD: Upgrade to mod_ v2.0.41 • IIS, Envoy, Pingora: No patch available yet

• 
  Chaitanya (@chayprabs) reported 51 minutes ago

  @shreyansj hey, just pointing something out. Your website took 3 reloads to open and gave content not available errors after every 2-3 clicks when navigating between pages. I think you guys should a global cdn using cloudflare or something.

• 
  Klaus Townsend (@klaus_townsend) reported 53 minutes ago

  @mike_lustgarten @pubmed It’s likely a DNS-level protection from a service like Cloudflare. All popular websites need it these days. The volume of AI and spam traffic is crippling websites and keeps getting harder to distinguish from desirable traffic.

• 
  Keith Ramphal (@KeithRamphal) reported 55 minutes ago

  @NoamTenne @Cloudflare Because there's no situation where they talk down to you, you might be wrong in how you think something works, but they're always polite and professional. If you show up with a security issue, you *will* get attention. Probably more than you expect. CF does it right and they do it at scale.

• 
  Naruna Narayana (@NarunaNarayana) reported 56 minutes ago

  @MishaJean39157 @ionirvine It should be working now ! I missed setting up the redirect on cloudflare. If any more issues, dm.

• 
  Dave (@DaveDiederen) reported 57 minutes ago

  @Rohan6709 Yeah CloudFlare seems to be down as well. Might be the core issue

• 
  The American Protectors of Journalistic Freedom (@melisandrePro) reported 57 minutes ago

  Cloudflare Is a terrible interference that keeps you from searching websites. It does exactly the opposite as intended.

• 
  Stock Report (@StockReportt) reported 59 minutes ago

  $NET — Cloudflare AI traffic is exploding — and it all runs through Cloudflare’s network. Revenue growing 27% YoY with a path to enormous operating leverage. Most investors still think of it as just a CDN.

• 
  Satoshi Nakamoto, Andrew Rulnick (@MickeySteamboat) reported 59 minutes ago

  @NoamTenne @Cloudflare Not sure what rock you're living under but they have caused a couple major national and global outages, that's not even the worst of it

• 
  Nate Roth (@NathanCRoth) reported 59 minutes ago

  everyone watching ai is counting gpus. anthropic just spent 300 million on a sixty-person startup that writes sdks. stainless quietly built the libraries that openai, google, perplexity, and cloudflare ship to their own developers. anthropic bought it and is winding the hosted product down. competitors now rebuild that pipeline from scratch while claude gets tighter into every mcp server developers stand up. this is the third deal in six months one layer above the model. bun, vercept, now stainless. the model is becoming the commodity, the connective tissue is where the margin lives, the auth, the retries, the schemas an agent can actually use at 3am. anthropic authored mcp. now it owns the best implementation of mcp. every rival lab routes through anthropic's plumbing. the race stopped being about who has the smartest model. the actual moat is owning plumbing the agents run on..

• 
  PiBazar.eu™ & Jwkk.Biz™ (@jwkkbiz) reported 1 hour ago

  Stopping the bad guys with Cloudflare: 1,163 malicious requests blocked or challenged in the last month #cloudflare

• 
  Artur Chmaro ⛛ (@ArtiChmaro) reported 1 hour ago

  Does anyone run Railway on production? It’s perfect for poc, demos but running production app on it is damn expensive (especially memory usage). After many attempts to optimize memory usage with cache, cloudflare etc I just decided to move into self-hosted VPS with Coolify and Hermes for management. VPS is already cheaper and still have capacity to serve more apps. I hope this would be my final setup. Don't want to move it again 🥲