Cloudflare outage: the blackout that left the Internet half-down — explained

What happened (timeline and symptoms)

According to Cloudflare, the problem began in its network at 11:20 UTC on 18 November 2025.

Users started seeing “500” errors and error pages; outage reports (for example on Downdetector) spiked, and sites such as X, ChatGPT, Canva, Shopify, Dropbox and others reported interruptions or erratic responses.

Cloudflare detected the degradation first through automated checks and began investigating shortly after. The company recorded that core traffic began to flow mostly normally from 14:30 UTC (15:30 CET) and that all services had returned to normal by 17:06 UTC (18:06 CET).

Cloudflare’s response

Cloudflare published a postmortem on its official site explaining the incident was not a cyberattack: it was caused by a permissions change in one of its databases that made the logic generating a “features” file used by its Bot Management system duplicate the file’s size.

The larger file propagated across the network and exceeded an internal limit, triggering failures in the traffic-routing software. Cloudflare outlines how the issue was identified and the steps taken to fix it (stop generating new files, restore a known-good version, and restart core proxies). The company apologized for the impact and said it will publish a full report with measures to prevent recurrence.

Why it was so severe

Cloudflare handles a significant portion of Internet traffic (its services speed up sites, protect against DDoS attacks and apply security and performance rules).

When a CDN/service of this scale fails, the effect is like a “bridge being cut”: even if origin servers remain online, many users cannot reach them because the intermediary routing and security layer (Cloudflare) is not operating correctly.