Cloudflare status: hosting issues and outage reports

Problems in the last 24 hours

The graph below depicts the number of Cloudflare reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.

Most Reported Problems

The following are the most recent problems reported by Cloudflare users through our website.

• Domains (40%)
• Cloud Services (28%)
• Hosting (17%)
• Web Tools (11%)
• E-mail (4%)

Live Outage Map

The most recent Cloudflare outage reports came from the following cities:

City	Problem Type	Report Time
Noida	Hosting	6 days ago
Jewar	E-mail	6 days ago
Braga	Web Tools	7 days ago
Noida	Cloud Services	7 days ago
Paris	Cloud Services	7 days ago
Prievidza	Domains	8 days ago

Full Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

Cloudflare Issues Reports

Latest outage, problems and issue reports in social media:

• 
  swordholder0 (@swordholder0) reported 2 minutes ago

  Use tanstack start + cloudflare months ago, never regret.

• 
  spring ✝ (@TheNintendoGoof) reported 7 minutes ago

  >notification of cloudeflare payment going through >email from cloudflare saying payment didnt go through everytime lol @Cloudflare fix your stuff brodie.

• 
  Prince mendiratta (@PriMendiratta) reported 11 minutes ago

  @leahsong23 @Cloudflare cron support for workers for platform!

• 
  Jon Ezell (@Jonezell_) reported 11 minutes ago

  Looks like there may be a related @Cloudflare outage causing it Not a good day for our product release 😰

• 
  DataScraperES (@DataScraperES) reported 14 minutes ago

  If in 2026 you're still scraping valuable data with basic requests and a fake User-Agent, you're not extracting: you're asking to get blocked. Cloudflare and DataDome look at TLS, headers, cookies, JS, IPs, and patterns. BeautifulSoup is not the problem. Your fingerprint is.

• 
  Satoshi Nakamoto, Andrew Rulnick (@MickeySteamboat) reported 15 minutes ago

  Kind of annoyed to learn I was right about @Cloudflare blocking my IP addresses. Really ******... Has caused a lot of problems over the past six months. I didn't have time to investigate it deeply until today to confirm. It's a bad look for a business to single out their next competitor @CloudflareHelp @CloudflareDev

• 
  Satoshi Nakamoto, Andrew Rulnick (@MickeySteamboat) reported 20 minutes ago

  @eastdakota @NoamTenne @Cloudflare **** around and find out Matt when a judge gets a load of the damages and that your company blocked access to tools I'm using to prepare for legal matters, they will throw the ******* book at you and your business.

• 
  Kelli Jayne Nunez (@JayneNunez11) reported 20 minutes ago

  @davidafendley @namesilo @Cloudflare Ran into that with another vendor, lower price mattered til the tooling actually saved me time. MCP support is sticky, Virlo API made that click for me fast once Claude could pull the data without extra glue code

• 
  Andrew Clark (@AndrewC70136680) reported 21 minutes ago

  @AkumaMikoVT no, I'm just, really ******* annoyed that Kaido is having cloudflare problems that ****** me over when it comes to watching stuff

• 
  Keith Ramphal (@KeithRamphal) reported 27 minutes ago

  @NoamTenne @Cloudflare Because there's no situation where they talk down to you, you might be wrong in how you think something works, but they're always polite and professional. If you show up with a security issue, you *will* get attention. Probably more than you expect. CF does it right and they do it at scale.

• 
  The American Protectors of Journalistic Freedom (@melisandrePro) reported 27 minutes ago

  Cloudflare Is a terrible interference that keeps you from searching websites. It does exactly the opposite as intended.

• 
  Dr J Rould (@jrouldz) reported 27 minutes ago

  @hectoribarez76 @QuantumDom Does that somehow negate the problem for bitcoin? Because other entities also need upgrades? The likes of JP Morgan and Cloudflare are already implementing PQC upgrades Bitcoin isn’t upgrading because it requires community consensus (hard or soft fork?) and community would rather kick can down the road than upgrade because “it’s far away and other entities have problems too” But that’s not a solution. This is likely part of why Bitcoin is flailing

• 
  dantsu 🎶 (@stratospheriae) reported 29 minutes ago

  i migrated my website to cloudflare the other week and i didn't realize that you had to set up your own www. redirects yourself. for a good 7 days straight a whole bunch of links across all of my socials were just broken and i didn't find out until someone literally told me

• 
  Nicholas Griffin (@ngriffin_uk) reported 31 minutes ago

  @trashh_dev @GoDaddy they’re terrible at this. move off as soon as you get back in. my suggestion would be cloudflare domains.

• 
  Anh Tran (@rilwis) reported 31 minutes ago

  @rmelogli @learnwithmattc I usually use browser bookmarks. But it becomes a problem when switching browsers. So I export it to a html file, tell Claude to design it a little bit, and deploy to Cloudflare. Now I set it as my browser homepage :)

• 
  Luke Parker (@LukeParkerDev) reported 37 minutes ago

  @theo @NoamTenne @Cloudflare I swear everyone at CF is also devrel (and not bad at it)

• 
  GoCocoaAI (@GoCocoaAI) reported 41 minutes ago

  Thousands of legitimate sites hijacked to run ClickFix and FakeUpdate against every visitor BLUF: A critical unauthenticated SQL injection in Ghost CMS handed attackers admin keys to 700+ websites. Visitors to those sites are now being served fake Cloudflare CAPTCHAs and fake browser update prompts designed to trick them into running attacker-supplied PowerShell. The site owner's involvement ended at the moment of compromise. 1. The root: CVE-2026-26980, Ghost CMS Ghost CMS versions 3. 24. 0 through 6. 19. 0 carry a CVSS 9. 4 unauthenticated SQL injection (CWE-89). The CVSS vector is the detail that matters — AV:N/AC:L/PR:N/UI:N. One crafted request, no credentials, no complexity, admin API key extracted from the database. Attackers then inject malicious JavaScript directly into article templates. Every published page on that installation now serves attacker-controlled content to every subsequent visitor. XLab telemetry pinned the active campaign to May 7, 2026. Patched version is 6. 19. 1. 2. The delivery: ClickFix and FakeUpdate at industrial scale Phase one is silent and server-side. Phase two lands on the visitor. Compromised sites serve either a fake Cloudflare "verify you are human" CAPTCHA (ClickFix) or a fake browser update prompt (FakeUpdate). Both techniques pressure the visitor into opening PowerShell or the Run dialog and pasting attacker-supplied commands. Observed downstream payloads across prior ClickFix campaigns include credential stealers, RATs, and ransomware dropper stages. The education and tech sector concentration in this campaign is not accidental — Ghost CMS is heavily adopted in developer blogs, university publications, and tech media. A compromised developer workstation is a pivot to CI/CD pipelines, cloud credentials, and code signing infrastructure. 3. KEV status and model lag CVE-2026-26980 is not yet on the CISA KEV list. That is a timing gap, not an editorial judgment — it meets every criterion. Expect a listing within days. Automated scoring models that show no active exploitation signal are running behind field reporting from XLab and Malwarebytes. Treat verified field reporting as ground truth here. Operator take: If you run Ghost CMS between 3. 24. 0 and 6. 19. 0, treat your admin API key as compromised. Patch to 6. 19. 1, rotate the key, audit every theme and template file for injected script tags, and check your CDN cache for poisoned content. On the endpoint side, ClickFix and FakeUpdate succeed by abusing Cloudflare and browser brand trust — no legitimate verification page asks a user to open PowerShell. Block PowerShell execution from browser-spawned processes at the EDR policy layer. The quiet work now is cheaper than the loud paperwork later.

• 
  Nektr Web3 (@Nektr_co) reported 41 minutes ago

  Stopping the bad guys with Cloudflare: 9,498 malicious requests blocked or challenged in the last month #cloudflare @n3st3dlabs

• 
  Tony Seets (@tonyseets) reported 43 minutes ago

  @NoamTenne @Cloudflare Plenty of **** had been talked about Cloudflare. Ever been around during an outage? But generally agree Cloudflare infra streamlines so much and these days AI gobbles it up provided you can steer in the right directions.

• 
  Adam Rackis (@AdamRackis) reported 49 minutes ago

  Working with slow airline wifi. Cloudflare dashboard consistently loads in a few seconds; it's sluggish but usable Google developer console (need to update an oauth redirect) hangs for over a minute with just the stupid G icon animating. The difference in care is palpable

• 
  Cyris (@sudo_overflow) reported 49 minutes ago

  @heyandras I worry about self hosting a password manager, in case something goes down. But I would def do it as a secure Cloudflare worker.

• 
  Thom (@Thom_K_NL) reported 49 minutes ago

  @kinngh @thomasgauvin @Cloudflare I need this.... Bad

• 
  Capt_wachira (@Capt_wachira) reported 51 minutes ago

  3/6 The self-hosting blueprint: From zero to de-Googled in a weekend Hardware: Old laptop, mini-PC, or $5/mo Hetzner VPS. Ubuntu Server minimal. Stack: Docker + Docker Compose + Nginx Proxy Manager + Cloudflare Tunnel. You now run your own Google. Uptime is your job. So is the win. One-time setup, lifetime ownership. No “We’re shutting down Inbox” emails.

• 
  Muhammet A. 👉🏻 Mobile Dev (@indiesoftwaredv) reported 52 minutes ago

  My mobile apps made $3,058 in May 2026 📱 Fitness app Turkish version made around $2.5k 📱 Fitness app English version made $500 Expense: 💰 $40 Cloudflare for hosting/streaming videos Didn't post about the US market for my EN Fitness app 👎🏻 TikTok Ads Failed 🫴🏻 Meta Ads was not good, not bad I want to spend money on sustainable marketing So built my own social media posting automation

• 
  AwesomeAI (@Awesome_AI_News) reported 52 minutes ago

  Cloudflare launches a groundbreaking web search API, enabling AI agents to access real-time public web pages, addressing information lag and errors caused by training data cutoffs, breaking traditional monopolies..... Cloudflare推出颠覆性网络搜索功能，通过API让AI智能体实时访问公开网页，解决大模型因训练数据截止日期导致的信息滞后和错误问题，打破传统巨头垄断。

• 
  Divyansh Bajaj (@divyanshbajaj) reported 53 minutes ago

  @faisalziaanwer Cloudflare is down

• 
  Logan Thorneloe (@loganthorneloe) reported 56 minutes ago

  @aarondfrancis @browserbase @Cloudflare That is the worst government website

• 
  Beautyon (@Beautyon_) reported 57 minutes ago

  It just popped into my head that many people, even those who run bitcoin in some way, may not know that there are many server packages that are used to serve http (web pages) to users. Here is a list of all the web servers a machine could find along with the percentage of deployment live on the web: Nginx: 32.3% Cloudflare Server: 28.1% Apache HTTP Server: 23.3% LiteSpeed: 15.2% Node.js: 6.4% Microsoft IIS: 3.2% Envoy: 1.0% Caddy: 0.2% Kestrel: 0.1% Traefik: < 0.1% HAProxy: < 0.1% Tomcat: < 0.1% Jetty: < 0.1% Gunicorn: < 0.1% Uwsgi: < 0.1% Puma: < 0.1% Unicorn: < 0.1% Lig < 0.1% Cherokee: < 0.1% Sun Java System Web Server: < 0.1% Now it is not hard to imagine (is it?) that when the bitcoin protocol ossifies, there will be at least this many options for people to run bitcoin services, all with their own advantages depending on how you use bitcoin. In a scenario where there are many offers, there is enough to choose from and everyone is able to build whatever they want on top of bitcoin. The most important thing is that bitcoin never changes, and is the fundamental underlying rock you can build on. Anyone with an idea (very few people have these) can build their own infrastructure to offer whatever they want, from "Tokens", "Ordinals", "Runes", NorP Storage, or anything else. Large, and presumably, serious institutions like Goldman Sachs will no doubt develop "Mercantild" the bitcoin client for the big banks. Everyone, every class of users will have their own preferred bitcoin client. And this is, perhaps, the problem. The number of people with actual ideas is extremely low. It is a number so small, it rivals the planck length. This why the barely human people currently running their scams on layer one are launching a "new" token, something that has been done before, only this time on Bitcoin. Only a complete ****** totally bereft of imagination thinks that this is innovation, or a good thing, or useful in any way. They can't conceive of a world where building on bitcoin is like building on the web. It's beyond their power to mentally process and sort. But this is where you live, in 2026. Ossification and client proliferation will keep bitcoin clean, force all low IQ, low imagination, imitative, Cargo Cult, mentally deficient, estrogenized, quote ********* manlets from despoiling the Golden Path of Bitcoin. It will allow a plethora of new specialist clients to emerge, enabling every "use case" anyone can conjure. Hope this helps!

• 
  Paulie Esther 🔜 DBD MTL🇨🇦 (@PaulieEsther1) reported 57 minutes ago

  @GreenleafT53813 i heard cloudflare is down

• 
  Upwind Security MDR (@UpwindMDR) reported 59 minutes ago

  🚨HTTP/2 Bomb DoS Vulnerability Impacts NGINX, Apache, IIS, Envoy & Cloudflare Researchers disclosed "HTTP/2 Bomb", a denial-of-service technique that abuses HTTP/2 header compression (HPACK) and flow-control mechanisms to trigger massive memory exhaustion. A single client can reportedly consume tens of gigabytes of server memory and render affected services unavailable. 👉 Affected: Default HTTP/2 configurations in NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora ✅ Fixes: • NGINX: Upgrade to 1.29.8+ • Apache HTTPD: Upgrade to mod_ v2.0.41 • IIS, Envoy, Pingora: No patch available yet