A Cloudflare outage took several websites offline today – just 17 days after another notable disruption to services. Cloudflare is used by roughly 19.4% of all websites on the internet, making it one of the world’s largest content delivery networks.
Among the affected sites were, perhaps somewhat ironically, Downdetector – a website which tracks online outages. LinkedIn was also affected, but other social media sites including X and Facebook appeared to have been unaffected. Salesforce Ben was also down for a while – sorry about that! Let’s take a look at what happened.
Cloudflare Outage: What Happened?
On December 5 at 9.33 UTC, Cloudflare posted an update saying it was investigating an “increased level of errors” for customers running Workers scripts.
They wrote: “We are working to analyse and mitigate this problem. More updates to follow shortly.”
Five minutes later, Cloudflare posted an update saying: “Cloudflare is investigating reports of a large number of empty pages when using the list API on a Workers KV namespace.”
Cloudflare’s update on the status of the problem, posted at 9.33 UTC, December 5 
Downdetector, accessed 9.30am BST, showing thousands of reports of issues at Cloudflare and a spike in issues reported at a range of websites. 
Downdetector, accessed 9.30am BST, showing thousands of reports of issues at Cloudflare and a spike in issues reported at a range of websites.
Once Downdetector was back online, the extent of the issue was revealed, with Shopify, Zoom, Vinted, Fortnite, Square, Just Eat, Canva, Vimeo, AWS, and Deliveroo all seeing a spike in reports of issues.
A Cloudflare spokesperson had initially told Salesforce Ben: “A change made to how Cloudflare’s Web Application Firewall parses requests impacted the availability of Cloudflare’s network at approximately 8:47 GMT and concluded approximately 9:13 GMT. This was not an attack; the change was deployed by our team to help mitigate the industry-wide vulnerability disclosed this week in React Server Components. We will share full details in a blog post today.”
Later, after the incident was fixed, they explained what happened in a blog post. It reads: “On December 5, 2025, at 08:47 UTC (all times in this blog are UTC), a portion of Cloudflare’s network began experiencing significant failures. The incident was resolved at 09:12 (~25 minutes total impact), when all services were fully restored.
“A subset of customers were impacted, accounting for approximately 28% of all HTTP traffic served by Cloudflare. Several factors needed to combine for an individual customer to be affected as described below.
“The issue was not caused, directly or indirectly, by a cyber attack on Cloudflare’s systems or malicious activity of any kind. Instead, it was triggered by changes being made to our body parsing logic while attempting to detect and mitigate an industry-wide vulnerability disclosed this week in React Server Components.
“Any outage of our systems is unacceptable, and we know we have let the Internet down again following the incident on November 18. We will be publishing details next week about the work we are doing to stop these types of incidents from occurring.”
Previous Cloudflare Outage
Last month, on November 18, a Cloudflare outage affected ChatGPT, X, AWS, Spotify, Letterboxd, and others due to a “latent bug”.
Following the incident in November, chief technology officer Dane Knecht wrote on X: “Earlier today we failed our customers and the broader internet when a problem in Cloudflare network impacted large amounts of traffic that rely on us.
“In short, a latent bug in a service underpinning our bot mitigation capability started to crash after a routine configuration change we made.”
The company had said during the previous incident that there had been “a spike in unusual traffic” to one of its services.
Summary
A Cloudflare outage took several websites offline today, and the company said it was investigating an “increased level of errors” for customers running Workers scripts.
It came just one month after a previous outage caused disruption.
