{"id":10862,"date":"2026-02-22T10:04:32","date_gmt":"2026-02-22T10:04:32","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/02\/22\/cloudflare-down-6-hour-of-massive-global-service-outage-cause-customers-unreachable-from-the-internet\/"},"modified":"2026-02-22T10:04:32","modified_gmt":"2026-02-22T10:04:32","slug":"cloudflare-down-6-hour-of-massive-global-service-outage-cause-customers-unreachable-from-the-internet","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/02\/22\/cloudflare-down-6-hour-of-massive-global-service-outage-cause-customers-unreachable-from-the-internet\/","title":{"rendered":"Cloudflare Down \u2013 6 Hour of Massive Global Service Outage Cause Customers Unreachable From the Internet"},"content":{"rendered":"<p>    Cloudflare Down \u2013 6 Hour of Massive Global Service Outage Cause Customers Unreachable From the Internet<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p>Cloudflare experienced a significant six-hour global service outage on February 20, 2026, causing major disruptions for customers utilizing its Bring Your Own IP (BYOIP) services. <\/p>\n<p>The incident, which began at 17:48 UTC and lasted for six hours and seven minutes, unintentionally withdrew customer BGP routes from the Internet, rendering numerous services and applications unreachable. <\/p>\n<p>The company confirmed the disruption was entirely caused by an internal configuration update rather than a cyberattack or malicious activity, affecting 25 percent of all BYOIP prefixes globally and triggering <a href=\"https:\/\/developers.cloudflare.com\/support\/troubleshooting\/http-status-codes\/4xx-client-error\/error-403\/\" target=\"_blank\" rel=\"noreferrer noopener\">HTTP 403 errors<\/a> on the 1.1.1.1 public recursive DNS resolver website.<a href=\"https:\/\/blog.cloudflare.com\/cloudflare-outage-february-20-2026\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a>\u200b<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<div class=\"embed-twitter\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Cloudflare suffered a service outage on February 20, 2026. A subset of customers who use Cloudflare\u2019s Bring Your Own IP (BYOIP) service saw their routes to the Internet withdrawn via Border Gateway Protocol (BGP). Here&#8217;s the breakdown of what happened, including our logic for the\u2026<\/p>\n<p>\u2014 Cloudflare (@Cloudflare) <a href=\"https:\/\/twitter.com\/Cloudflare\/status\/2025285780067742151?ref_src=twsrc%5Etfw\">February 21, 2026<\/a>\n<\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div>\n<\/div>\n<\/figure>\n<h2 class=\"wp-block-heading\" id=\"technical-breakdown-of-the-addressing-api-failure\"><strong>Technical Breakdown of the Addressing API Failure<\/strong><\/h2>\n<p>The root cause of the outage traced back to an internal bug within Cloudflare\u2019s Addressing API introduced during an automated cleanup sub-task deployment.<\/p>\n<p>This task was designed to replace manual removal processes for BYOIP prefixes as part of the company\u2019s \u201cCode Orange: Fail Small\u201d resilience initiative. <\/p>\n<p>Engineers deployed a system to periodically check and remove pending objects from the network. However, the system executed an API query passing the\u00a0<code>pending_delete<\/code>\u00a0flag with no assigned value, resulting in the server interpreting the empty string as a command to queue all returned <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/virtual-network\/ip-services\/custom-ip-address-prefix\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">BYOIP prefixes<\/a> for deletion rather than just those slated for removal.<a href=\"https:\/\/blog.cloudflare.com\/cloudflare-outage-february-20-2026\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a>\u200b<\/p>\n<p>This coding oversight systematically deleted approximately 1,100 BYOIP prefixes and their dependent service bindings before an engineer manually terminated the process. <\/p>\n<p>The impacted connections immediately fell into a state known as <a href=\"https:\/\/blog.cloudflare.com\/going-bgp-zombie-hunting\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">BGP Path Hunting<\/a>, where end-user connections continually search for destination routes until they time out and fail. The blast radius extended across multiple core products that rely on BYOIP configurations for Internet advertisement.<a href=\"https:\/\/blog.cloudflare.com\/cloudflare-outage-february-20-2026\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a>\u200b<\/p>\n<figure class=\"wp-block-table is-style-stripes\">\n<table class=\"has-fixed-layout\">\n<thead>\n<tr>\n<th class=\"has-text-align-left\" data-align=\"left\">Service or Product<\/th>\n<th class=\"has-text-align-left\" data-align=\"left\">Impact Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\">Core CDN and Security Services<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Traffic failed to route to Cloudflare, resulting in connection timeouts for advertised websites\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/blog.cloudflare.com\/cloudflare-outage-february-20-2026\/\"><\/a>\u200b.<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\">Spectrum<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Applications operating on BYOIP completely failed to proxy traffic\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/blog.cloudflare.com\/cloudflare-outage-february-20-2026\/\"><\/a>\u200b.<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\">Dedicated Egress<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Users leveraging BYOIP or Dedicated IPs could not send outbound traffic to their destinations\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/blog.cloudflare.com\/cloudflare-outage-february-20-2026\/\"><\/a>\u200b.<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\">Magic Transit<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">End users connecting to protected applications experienced complete connection failures and timeouts\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/blog.cloudflare.com\/cloudflare-outage-february-20-2026\/\"><\/a>\u200b.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<h2 class=\"wp-block-heading\" id=\"recovery-efforts-and-planned-remediation\"><strong>Recovery Efforts and Planned Remediation<\/strong><\/h2>\n<p>Recovery was severely delayed because the mass withdrawal affected customer prefixes differently, requiring intensive and varied data recovery operations. <\/p>\n<p>While some users maintained the ability to self-remediate by toggling their advertisements back on via the Cloudflare dashboard, roughly 300 prefixes suffered complete removal of their service bindings. <\/p>\n<p>These severely impacted accounts required manual restoration by engineers who had to push global configuration updates to reapply settings across every machine on the edge network.<a href=\"https:\/\/blog.cloudflare.com\/cloudflare-outage-february-20-2026\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a>\u200b<\/p>\n<p>To prevent future catastrophic deployments, Cloudflare is accelerating several critical architecture changes under its Code Orange mandate.<\/p>\n<p>The engineering team plans to standardize the <a href=\"https:\/\/cybersecuritynews.com\/best-api-protection-tools\/\" target=\"_blank\" rel=\"noreferrer noopener\">API schema<\/a> to prevent flag interpretation errors, implement circuit breakers to detect abnormally fast BGP prefix deletions, and establish health-mediated operational state snapshots to separate customer configurations from production rollouts.<a href=\"https:\/\/blog.cloudflare.com\/cloudflare-outage-february-20-2026\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a>\u200b<\/p>\n<figure class=\"wp-block-table is-style-stripes\">\n<table class=\"has-fixed-layout\">\n<thead>\n<tr>\n<th class=\"has-text-align-left\" data-align=\"left\">Time (UTC)<\/th>\n<th class=\"has-text-align-left\" data-align=\"left\">Incident Event Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\">17:56<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">The broken sub-process executes, withdrawing prefixes and triggering the outage\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/blog.cloudflare.com\/cloudflare-outage-february-20-2026\/\"><\/a>\u200b.<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\">18:46<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">An engineer identifies the flawed task, disables regular execution, and begins mitigation\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/blog.cloudflare.com\/cloudflare-outage-february-20-2026\/\"><\/a>\u200b.<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\">19:19<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Dashboard self-remediation becomes available, allowing some customers to restore service\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/blog.cloudflare.com\/cloudflare-outage-february-20-2026\/\"><\/a>\u200b.<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\">23:03<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Global machine configuration deployment completes, fully restoring the remaining removed prefixes\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/blog.cloudflare.com\/cloudflare-outage-february-20-2026\/\"><\/a>\u200b.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhkYio5UAnpMnpmkbqjihQ_ivncV6sRCjJgg_bYflmFjQbbQ6CcsjCk9dxh5eo-w00-jbG3awu3eiAXuB4P4mB6UptqNZw01Fb9YPe7uOImGIgW5HYk5MGiGjMWafzgD69eQVijihaSB6l55FHggd1RzU6bCiubzHDQwsKvNsKi7nTI17_LFbC04twaJdw7\/s1600\/BLOG-3193_2.webp?ssl=1\" alt=\"\"><\/figure>\n<p>Cloudflare concluded its official <a href=\"https:\/\/blog.cloudflare.com\/cloudflare-outage-february-20-2026\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">incident report<\/a> with a direct apology to its users and the global internet community regarding the February 20 disruption. The company publicly acknowledged that the widespread outage undermined its core promise of delivering a highly resilient network.<\/p>\n<p class=\"has-text-align-center has-background\" style=\"background:linear-gradient(135deg,rgb(238,238,238) 100%,rgb(169,184,195) 100%)\"><strong>Follow us on\u00a0<a href=\"https:\/\/news.google.com\/publications\/CAAqMggKIixDQklTR3dnTWFoY0tGV041WW1WeWMyVmpkWEpwZEhsdVpYZHpMbU52YlNnQVAB?hl=en-IN&amp;gl=IN&amp;ceid=IN:en\" target=\"_blank\" rel=\"noreferrer noopener\">Google News<\/a>,\u00a0<a href=\"https:\/\/www.linkedin.com\/company\/cybersecurity-news\/\" target=\"_blank\" rel=\"noreferrer noopener\">LinkedIn<\/a>, and\u00a0<a href=\"https:\/\/x.com\/cyber_press_org\" target=\"_blank\" rel=\"noreferrer noopener\">X<\/a>\u00a0for daily cybersecurity updates.\u00a0<a href=\"https:\/\/cybersecuritynews.com\/contact-us\/\" target=\"_blank\" rel=\"noreferrer noopener\">Contact us<\/a>\u00a0to feature your stories.<\/strong><\/p>\n<\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/cloudflare-down-6-hour-of-massive-global-service-outage\/\">Cloudflare Down \u2013 6 Hour of Massive Global Service Outage Cause Customers Unreachable From the Internet<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Balaji N<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/cloudflare-down-6-hour-of-massive-global-service-outage\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cloudflare Down \u2013 6 Hour of Massive Global Service Outage Cause Customers Unreachable From the Internet Cloudflare experienced a significant six-hour global service outage on February 20, 2026, causing major disruptions for customers utilizing its Bring Your Own IP (BYOIP) services. The incident, which began at 17:48 UTC and lasted for six hours and seven [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[531,129,63],"tags":[130],"class_list":["post-10862","post","type-post","status-publish","format-standard","hentry","category-cloud","category-cyber-security","category-cyber-security-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/10862"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=10862"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/10862\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=10862"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=10862"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=10862"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}