Large parts of the internet went dark on Tuesday after a critical Cloudflare service failed, temporarily knocking some of the world’s biggest websites offline — including X, ChatGPT, Perplexity, Spotify, and Canva — leaving millions staring at “internal server error” messages. The company has since resolved the issue, but not before disrupting the service of millions of users worldwide.
The disruption left millions staring at “internal server error” messages, sparking confusion, memes, and frantic refreshes. But Cloudflare soon confirmed it was dealing with a critical internal failure, not a cyberattack.
Cloudflare’s Chief Technology Officer (CTO), Dane Knecht, issued a rare, blunt apology shortly after services began recovering, saying the company had “failed our customers and the broader internet.”
I won’t mince words: earlier today we failed our customers and the broader Internet when a problem in @Cloudflare network impacted large amounts of traffic that rely on us. The sites, businesses, and organizations that rely on Cloudflare depend on us being available and I…
— Dane Knecht 🦭 (@dok2001) November 18, 2025
A Routine Change That Triggered A Global Meltdown
The outage began at around 11:48 UTC on November 18, when Cloudflare’s systems started crashing in its bot mitigation layer. This is an inline security system that screens website traffic daily for suspicious behavior.
These errors quickly cascaded across its global network, affecting everything from website loading to API calls and even Cloudflare’s own Access and WARP security tools.
What should have been a simple configuration change instead exposed a dormant flaw buried deep inside Cloudflare’s bot mitigation system.
“Transparency about what happened matters, and we plan to share a breakdown with more details in a few hours. In short, a latent bug in a service underpinning our bot mitigation capability started to crash after a routine configuration change we made. That cascaded into a broad degradation to our network and other services. This was not an attack,” Knecht emphasized.
Fix Deployed, But Some Features Stayed Slow
Cloudflare engineers deployed a fix at 14:42 UTC and began restoring traffic flows. Sites slowly came back online, but the company warned that analytics, logs, and dashboard tools would continue to remain sluggish. As part of the mitigation effort., Cloudflare temporarily suspended WARP access for users in London.
“A fix has been implemented and we believe the incident is now resolved. We are continuing to monitor for errors to ensure all services are back to normal,” the company said.
We continue to see errors and latency improve but still have reports of intermittent errors. The team continues to monitor the situation as it improves, and looking for ways to accelerate full recovery.”
For now, Cloudflare says things are back to normal. However, the outage underscores how vulnerable even major cloud and security platforms remain vulnerable to small internal mistakes capable of causing widespread disruption.
