A critical outage at Cloudflare disrupted a wide array of its services, with thousands of websites and platforms affected globally.
The root cause was traced to a failure in a third-party service crucial to Cloudflare’s Workers KV infrastructure, a key component in the firm’s serverless computing platform.
The incident began at approximately 18:19 UTC when Cloudflare engineers noticed authentication issues with its Access and Zero Trust WARP services. Within minutes, the outage expanded to affect major components of Cloudflare’s ecosystem, including Workers KV, Durable Objects, Workers AI, Stream, Turnstile, and parts of the company’s administrative dashboard. By 19:57 UTC, the firm acknowledged that the Workers KV system had gone completely offline due to the dependency outage, causing widespread functionality loss across its edge computing and AI services.
The disruption also had ripple effects on other high-profile services, most notably Google Cloud Platform (GCP), which reported concurrent outages affecting over 40 of its products. According to Google’s service health dashboard, the issues began at 10:51 PDT and spanned multiple continents, affecting infrastructure in more than 60 regions. Impacted Google services include API Gateway, Cloud Spanner, Google Cloud SQL, Vertex AI, and App Engine, many of which are tightly integrated with workloads that may rely on or interoperate with Cloudflare’s edge services.
Cloudflare, headquartered in San Francisco, operates one of the internet’s largest content delivery and security platforms. The company’s Workers platform is central to modern, decentralized application architectures, enabling developers to run code at the edge with low latency. Services like Workers KV and Durable Objects are essential for storing and synchronizing state across distributed applications, making their outage particularly disruptive to real-time applications and AI deployments.
Compounding the situation, the failure of Browser Isolation, AI Gateway, and AutoRAG, services that depend on Workers KV, likely interrupted secure web access and machine learning workflows for customers leveraging Cloudflare’s Zero Trust and AI pipelines. Turnstile, the company’s CAPTCHA alternative, was also rendered unavailable, which may have disrupted user authentication flows on sites using Cloudflare for bot mitigation.
While Cloudflare began observing partial recovery around 19:12 UTC, their status page still warns of continued intermittent failures as systems resynchronized and caches were re-populated. No specific timeline has been offered for full restoration, and the identity of the failing third-party dependency has not been disclosed.
UPDATE: Cloudflare services were fully restored after 2 hours and 28 minutes of downtime. In a postmortem report, the company attributed the outage to a third-party vendor failure. Cloudflare confirmed there was no cyberattack or security breach involved, and no data was lost during the incident.
Leave a Reply