In the last few minutes Cloudflare has confirmed it is aware of a major issue affecting its Global Network, which is causing widespread internet outages ranging from platforms like X (formerly Twitter) to ChatGPT, and, ironically, Downdetector. A wave of other websites and services are also experiencing outages.
Refresh
In the last few minutes Cloudflare has confirmed it is aware of a major issue affecting its Global Network, which is causing widespread internet outages ranging from platforms like X (formerly Twitter) to ChatGPT, and, ironically, Downdetector. A wave of other websites and services are also experiencing outages.
Cloudflare was previously undergoing scheduled maintenance at 10am UTC, according to the company's website. However, the latest update into Cloudflare's System Status states:
Cloudflare is aware of, and investigating an issue which impacts multiple customers: Widespread 500 errors, Cloudflare Dashboard and API also failing.
Cloudflare says "We are working to understand the full impact and mitigate this problem. More updates to follow shortly."
X affected
X (formerly Twitter) has been experiencing intermittent issues as a result of the outage. The platform is currently available, but availability has been patchy for the last hour or so.
(Image credit: Downdetector)
Downdetector, the outage monitoring site saw 11,201 reports of issues at 11:37AM GMT today. At the last data point, there are 6,570 reports. This could mean that the fix is making its way across the Internet, or that people know about the issue, and and no longer reporting it.
Over on the Cloudflare System Status page we can see that Cloudflare are still investigating the issue (12:37 UTC). Services have started to recover, but there will be higher than normal error rates while the sys admins work on fixing the issue.
The investigation is looking into HTTP 500 errors (errors occurring at the server level) that impact the dashboard and the Cloudflare API.
Could we soon be making the usual "It's not DNS... it was DNS" jokes? Was someone vibe coding the DNS entries? We'll find out when the post mortem happens.
(Image credit: Cloudflare / X)
X is down again and the Cloudflare information page shows that the issue is occurring on its systems. My browser and the X servers are both working, but Cloudflare's infrastructure is not. An error code 500 confirms that it is a Cloudflare server issue.
Image 1 of 2
(Image credit: Printables / Thangs)
(Image credit: Printables / Thangs)
Even 3D printer enthusiasts are feeling the sting of Cloudflare's outage. I visited Printables and Thangs to search for some fish bone models to print (long story) and both have the dreaded HTTP 500 error code.
A mere 16 minutes after the previous update, Cloudflare has updated the page with the same message as before.
Update - We are continuing to investigate this issue. Nov 18, 2025 - 12:53 UTC
Why the same message? Because they are still investigating the issue, and because the incident management team will have to provide timely updates for their service level agreement. In a previous life I was an incident manager, so I can imagine the situation at Cloudflare's office.
It seems that this could be another attempt to launch a DDOS on Cloudflare. If so, who is leading this and why?
According to the latest Cloudflare update
"During our attempts to remediate, we have disabled WARP access in London. Users in London trying to access the Internet via WARP will see a failure to connect."
But what is WARP? Faster than light travel for starships?
Sadly not, Cloudflare's WARP is seemingly a tool to secure internet connections by encrypting all traffic from a user's device. It is mainly used as a privacy tool for consumers and corporate customers. Unlike a VPN, warp does not hide your IP address, it merely encrypts your traffic.
Identified - The issue has been identified and a fix is being implemented. Nov 18, 2025 - 13:09 UTC
Hold on to your hats! Things are going to get a little bumpy while the fix proliferates across the Internet.
Well, this means that Steward and I can't work on any new graphics this afternoon! Canva, the online design suite is also impacted by Cloudflare.
(Image credit: Canva)
WARP is back online! Could this indicate that things will soon be working again?
Update - We have made changes that have allowed Cloudflare Access and WARP to recover. Error levels for Access and WARP users have returned to pre-incident rates. We have re-enabled WARP access in London.
We are continuing to work towards restoring other services. Nov 18, 2025 - 13:13 UTC
According to its status page, ClaudAI is suffering a major outage due to Cloudflare's own outage.
The old adage of "Don't put your eggs all in one basket" is once again being proven by another Internet outage.
(Image credit: Cluade)
(Image credit: Downdetector)
Lets take another look at Downdectors graph of reported Cloudflare issues.
After a large spike at 11:45AM GMT (4,558 reports) things have calmed a little, with 1,927 reports at 12:45PM. As we know, the sys admins at Cloudflare are working on the issue, so it is now just a matter of time, and a constant of supply of coffee until the teams have things up and running again.
(Image credit: Windscribe)
Is the Windscribe VPN another victim of the Cloudflare outage? We don't know because the status page is also down. Stewart is not having a good day, he uses it to check our deals.
Another update, but nothing to get excited about, yet!
Update - We are continuing working on restoring service for application services customers. Nov 18, 2025 - 13:35 UTC
The free MMORPG, Runescape has been impacted by the Cloudflare outage with players turning to Reddit to report that they cannot log in nor use the wiki.
The ongoing Cloudflare outage isn't only affecting services, but also websites like The Register, Notebookcheck, and Videocardz, which all display an Error 500 message when attempting to access them. Stay tuned to Tom's Hardware for more updates.
(Image credit: OpenAI)
ChatGPT is also suffering from "intermittent access issues". OpenAI has issued an update on its status page that the incident is "caused by an issue with one of our third-party service providers". No prizes for guessing which provider that might be.
Our colleagues at TechRadar acquired a statement directly from CloudFlare itself, as the service continues to investigate the ongoing downtime. The statement reads:
"We saw a spike in unusual traffic to one of Cloudflare's services beginning at 11:20 UTC. That caused some traffic passing through Cloudflare's network to experience errors. We do not yet know the cause of the spike in unusual traffic. We are all hands on deck to make sure all traffic is served without errors. After that, we will turn our attention to investigating the cause of the unusual spike in traffic. We will post updates to cloudflarestatus.com and more in-depth analysis when it is ready to blog.cloudflare.com."
Not even lunch is safe from Cloudflare's current outage, according to one Reddit user. McDonalds' self-service ordering system has been photographed as being impacted by the dreaded errors which have plagued wide swathes of the internet over the last few hours.
Update - We are continuing to work on a fix for this issue. Nov 18, 2025 - 14:22 UTC
Cloudflare's latest update has restored dashboard services, but outages remain.
Update - We've deployed a change which has restored dashboard services. We are still working to remediate broad application services impact Nov 18, 2025 - 14:34 UTC
My kid's daycare reverted to the 1990's. While they usually use tablets connected to an app parents can look at to check kids in and out (and also food and diapers), they're doing everything by hand. Godspeed to the two teachers and 10 toddlers.
— Andrew E. Freedman
This is a little worrying, but according to TunaTops in the comments for this story, PADS (Personnel Access Data System) a background check site for nuclear plants is also impacted by the Cloudflare outage. This means that visitor access to their respective nuclear plant is currently not available.
PADS is software used in the US commercial nuclear industry to manage access authorization for workers. This includes tracking their fitness for duty and training. Only authorized personnel, who have cleared background checks and completed training have access to nuclear power facilities.
PADS has nothing to do with running the nuclear power station, but it does impact who is working there. But dear reader, there is nothing to worry about.
(Image credit: Downdetector)
Time to check Downdetector's outage graph!
At 14:19 GMT, there were a reported 11,145 Cloudflare issues logged to the site.
Monitoring - A fix has been implemented and we believe the incident is now resolved. We are continuing to monitor for errors to ensure all services are back to normal. Nov 18, 2025 - 14:42 UTC
Could the end of this outage be nigh? Stay tuned!
Another update from Cloudflare
Update - Some customers may be still experiencing issues logging into or using the Cloudflare dashboard. We are working on a fix to resolve this, and continuing to monitor for any further issues. Nov 18, 2025 - 14:57 UTC
What does "monitoring" mean?
In incident management, monitoring is when the incident team watches how a fix works in the real world. Ideally, fixes are tested in an environment before they are unleashed to the public. The team will look for issues and ask for reports from a number of sources with which they have close ties.
These issues are not incidents in the traditional sense, rather they are used to tweak the fix, with the hope that they resolve the incident.
Hi Sydney, Australia readers!
Don't worry if you have issues, this is a planned scheduled maintenance and not part of the global outage. Which should hopefully be coming to an end.
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary. Nov 18, 2025 - 15:01 UTC
Scheduled - We will be performing scheduled maintenance in SYD (Sydney) datacenter on 2025-11-18 between 15:00 and 19:00 UTC.
Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location, please make sure you are expecting this traffic to fail over elsewhere during this maintenance window as network interfaces in this datacentre may become temporarily unavailable.
The Downdetector outage graph is going down! Just 1,660 reported outages right now.
Cloudflare CTO speaks out:
I won’t mince words: earlier today we failed our customers and the broader Internet when a problem in Cloudflare network impacted large amounts of traffic that rely on us. The sites, businesses, and organizations that rely on Cloudflare depend on us being available and I apologize for the impact that we caused. Transparency about what happened matters, and we plan to share a breakdown with more details in a few hours. In short, a latent bug in a service underpinning our bot mitigation capability started to crash after a routine configuration change we made. That cascaded into a broad degradation to our network and other services. This was not an attack. That issue, impact it caused, and time to resolution is unacceptable. Work is already underway to make sure it does not happen again, but I know it caused real pain today. The trust our customers place in us is what we value the most and we are going to do what it takes to earn that back.
Latest:
Cloudflare's latest update says: "Update - We continue to see errors drop as we work through services globally and clearing remaining errors and latency."
Looks like this one is winding up folks, with most errors and disruption now cleared.
Cloudfare is the server used for PADS, the background check site for the nuclear plant I work at. Without the ability to perform live background checks, I am not able to allow visitors access to the plant. Many of our subcontractor workers rely on visitor badges, as they are not permanent employees.
On wikipedia "Internet Wikipedia":
...
According to Charles Herzfeld, ARPA Director (1965–1967):
The ARPANET was not started to create a Command and Control System that would survive a nuclear attack, as many now claim. To build such a system was, clearly, a major military need, but it was not ARPA's mission to do this; in fact, we would have been severely criticized had we tried. Rather, the ARPANET came out of our frustration that there were only a limited number of large, powerful research computers in the country, and that many research investigators, who should have access to them, were geographically separated from them.
...
By centralizing everything, it's easier to spy on and control everyone. It's clear that Cloudflare controls a significant percentage of websites. Agencies like the NSA and other truly secretive ones must be enjoying all this "data"...
Another example of human "intelligence." And we will continue, with each technological advancement, to control the population more and more, and since they are still just as brainwashed ("TV, the opium of the people"; "the smartphone, the heroin of the people"; "the internet, the fentanyl of the people"), they won't care about being tracked and controlled, just as the Nazis did, to take only one example.
Ironically, the personal computer was created to get rid of centralization. But, humans being just as foolish, they have reverted to centralization, much to the delight of "secret" agencies and "private" companies that make trillions selling people's data to the highest bidder.
Don't mention "1984", "Brave New World", or "Soylent Green" to smartphone users. For them, even thinking about them has become intellectual terrorism.
Lot of outages lately. Is there some new attack vector being utilized? Odds of random hardware failures are decreasing the more the failure frequency deviates from the norm.
SQUIP supposedly can be used remotely without admin or local access: https://stefangast.eu/papers/javasquip.pdf but this is an old vulnerability so seems unlikely. Probably something new.
I can't even get into my bank account, they need to hurry up! I use varo online banking and can't move anything, so therefore I dont have money. This is frustrating
I can't even begin to count the number of websites i had no access to. Fortunately, it looks like the situation has smoothed out now - at least for the most part.
Lot of outages lately. Is there some new attack vector being utilized? Odds of random hardware failures are decreasing the more the failure frequency deviates from the norm.
SQUIP supposedly can be used remotely without admin or local access: https://stefangast.eu/papers/javasquip.pdf but this is an old vulnerability so seems unlikely. Probably something new.
Hope it gets squashed whatever it is.
AI bots. They're flooding websites and services. Not only is it happening on a large scale, it's also happening on smaller scale since anyone with a username can now create their own bots / scrapers with just a few prompts. Even the services designed to help protect us from such things such as Cloudflare are not prepared for this ever evolving change.
Obviously in a digital world there needs to be better backup / load spreading systems to reduce or eliminate these issues. It seems that little thought is given to the consequences of down time when these systems are created. Banking, communications and other critical systems need to be protected from these outages. Betting the farm on one system is naive and irresponsible.
...
According to Charles Herzfeld, ARPA Director (1965–1967):
...
By centralizing everything, it's easier to spy on and control everyone. It's clear that Cloudflare controls a significant percentage of websites. Agencies like the NSA and other truly secretive ones must be enjoying all this "data"...
Another example of human "intelligence." And we will continue, with each technological advancement, to control the population more and more, and since they are still just as brainwashed ("TV, the opium of the people"; "the smartphone, the heroin of the people"; "the internet, the fentanyl of the people"), they won't care about being tracked and controlled, just as the Nazis did, to take only one example.
Ironically, the personal computer was created to get rid of centralization. But, humans being just as foolish, they have reverted to centralization, much to the delight of "secret" agencies and "private" companies that make trillions selling people's data to the highest bidder.
Don't mention "1984", "Brave New World", or "Soylent Green" to smartphone users. For them, even thinking about them has become intellectual terrorism.
SQUIP supposedly can be used remotely without admin or local access: https://stefangast.eu/papers/javasquip.pdf but this is an old vulnerability so seems unlikely. Probably something new.
Hope it gets squashed whatever it is.