Cloudflare, a major network services provider, suffered a service disruption lasting more than six hours on February 20, 2026. The outage stemmed from an internal update that affected its Bring Your Own IP (BYOIP) services, causing substantial disruption for users worldwide.
Breakdown of the Outage
The outage began at 17:48 UTC and lasted more than six hours. During this window, Cloudflare unintentionally withdrew customers' Border Gateway Protocol (BGP) routes, making the affected services and websites unreachable. The incident also caused HTTP 403 errors on Cloudflare's public DNS resolver, 1.1.1.1, and affected 25% of all BYOIP prefixes globally.
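One way to see what a route withdrawal looks like from the outside is to ask a public route collector whether a prefix is still visible. The short Python sketch below queries RIPE's public RIPEstat routing-status endpoint; the prefix is a documentation placeholder rather than a Cloudflare-operated range, and the response field names are assumptions that should be checked against the RIPEstat documentation.

    import json
    from urllib.parse import urlencode
    from urllib.request import urlopen

    # Placeholder prefix from the documentation range; substitute a real BYOIP prefix.
    PREFIX = "203.0.113.0/24"

    # RIPEstat's public "routing-status" data call reports how many RIS peers
    # currently see a route for the resource. The field names used below are
    # assumptions and should be verified against the RIPEstat documentation.
    url = "https://stat.ripe.net/data/routing-status/data.json?" + urlencode({"resource": PREFIX})
    with urlopen(url, timeout=10) as resp:
        payload = json.load(resp)

    visibility = payload.get("data", {}).get("visibility", {}).get("v4", {})
    print(f"{PREFIX}: seen by {visibility.get('ripe_peers_seeing')} "
          f"of {visibility.get('total_ripe_peers')} RIPE RIS peers")

A prefix that suddenly drops from being seen by nearly all collector peers to almost none is, from the outside, exactly what an unintended withdrawal of this kind looks like.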
Cloudflare confirmed that the disruption was not caused by a cyberattack or any malicious activity. The root cause was an internal bug in its Addressing API, introduced during the rollout of an automated task designed to strengthen the company's resilience by automating the manual processes involved in BYOIP prefix removal.
Technical Analysis of the Failure
The failure stemmed from a coding error in an Addressing API query: instead of queuing only the prefixes slated for removal, the faulty logic queued every BYOIP prefix the query returned for deletion. As a result, approximately 1,100 prefixes were deleted along with their service bindings. With the routes withdrawn, routers across the internet entered BGP path hunting, probing for alternative paths that no longer existed, and end-user connections failed.
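Cloudflare has described the bug only at a high level, so the following is a hypothetical Python sketch of the general failure class: a cleanup job whose query result is passed straight to the deletion queue instead of being filtered to the prefixes actually flagged for removal. The names used here (ByoipPrefix, list_byoip_prefixes, queue_for_deletion, pending_removal) are invented for illustration and are not Cloudflare's actual API.

    from dataclasses import dataclass
    from typing import List

    @dataclass
    class ByoipPrefix:
        cidr: str
        pending_removal: bool  # set only on prefixes a customer has asked to offboard

    def list_byoip_prefixes() -> List[ByoipPrefix]:
        """Stand-in for an Addressing API query that returns *all* BYOIP prefixes."""
        return [
            ByoipPrefix("198.51.100.0/24", pending_removal=True),
            ByoipPrefix("203.0.113.0/24", pending_removal=False),  # live customer prefix
        ]

    def queue_for_deletion(prefixes: List[ByoipPrefix]) -> None:
        for p in prefixes:
            print(f"queued for deletion: {p.cidr}")

    # Buggy behaviour (the reported failure class): every prefix returned by the
    # query is queued, so live prefixes are withdrawn along with offboarded ones.
    queue_for_deletion(list_byoip_prefixes())

    # Intended behaviour: filter on the removal flag before queuing anything.
    queue_for_deletion([p for p in list_byoip_prefixes() if p.pending_removal])

The danger of this class of bug is that the job still "succeeds" from the automation's point of view; nothing in the happy path signals that the scope of the deletion was wrong.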
Many critical Cloudflare products, including the core CDN and security services, Spectrum, Dedicated Egress, and Magic Transit, were severely disrupted: connections timed out or failed to proxy traffic, underscoring how broadly the error rippled through Cloudflare's network infrastructure.
Efforts Toward Recovery and Future Prevention
Recovery was complicated by the fact that customer prefixes were affected to different degrees. Some customers could self-remediate through Cloudflare's dashboard, while others required manual intervention by Cloudflare engineers to restore service bindings and global configurations. Approximately 300 prefixes had their services removed entirely and required the most intensive restoration work.
In response to the incident, Cloudflare is implementing several architectural changes to prevent similar issues in the future. These include standardizing API schemas to avoid flag interpretation errors, deploying circuit breakers to detect rapid BGP prefix deletions, and creating operational state snapshots to safeguard customer configurations during production rollouts.
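Cloudflare has not published implementation details for these safeguards, but a rate-based circuit breaker for destructive operations typically follows a simple pattern: count deletions in a sliding time window and refuse further deletions once a threshold is crossed. The Python sketch below illustrates that pattern under assumed, arbitrary threshold and window values; it is not Cloudflare's design.

    import time
    from collections import deque

    class DeletionCircuitBreaker:
        """Trips when too many prefix deletions are requested within a short window.

        Illustrative only: the threshold and window are arbitrary assumptions,
        not values Cloudflare has published.
        """

        def __init__(self, max_deletions: int = 50, window_seconds: float = 60.0):
            self.max_deletions = max_deletions
            self.window_seconds = window_seconds
            self.timestamps = deque()
            self.tripped = False

        def allow_deletion(self) -> bool:
            now = time.monotonic()
            # Drop events that have fallen out of the sliding window.
            while self.timestamps and now - self.timestamps[0] > self.window_seconds:
                self.timestamps.popleft()
            if self.tripped or len(self.timestamps) >= self.max_deletions:
                self.tripped = True  # stay open until an operator investigates
                return False
            self.timestamps.append(now)
            return True

    breaker = DeletionCircuitBreaker(max_deletions=50, window_seconds=60.0)
    for prefix in [f"198.51.100.{i}/32" for i in range(60)]:  # placeholder prefixes
        if breaker.allow_deletion():
            print(f"deleting route object for {prefix}")
        else:
            print(f"circuit breaker tripped; refusing to delete {prefix}")
            break

A breaker like this would not have prevented the faulty query itself, but it would have capped the blast radius at the first few dozen prefixes instead of roughly 1,100.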
Cloudflare has issued a formal apology to its users and the broader internet community, acknowledging that the outage broke its core promise of network resilience. The company says it is committed to strengthening its systems to prevent such catastrophic disruptions from happening again.
