Cloudflare has successfully recovered its services after a second outage in the space of three weeks briefly took down Cloudflare Dashboard and related APIs, knocking out multiple online services.
The issues surfaced shortly after 9am GMT (4am EST) and left users unable to access sites such as Canva, Coinbase, LinkedIn, SubStack, X, Zoom, and once again, the DownDetector service relied on by many to monitor web outages.
At the time of writing, the issue was fully resolved and Cloudflare’s status page reported normal operations across its global network.
A spokesperson told Computer Weekly that a change to how Cloudflare’s web application firewall parses requests impacted the availability of its network for about 25 minutes.
“This was not an attack – the change was deployed by our team to help mitigate the industry-wide vulnerability disclosed this week in React Server Components,” they said.
The flaw in question was tracked as CVE-2025-55182 – although a duplicate identifier, CVE-2025-66478 has also been assigned to it. Referred to by some as React2Shell, it is a critical remote code execution (RCE) vulnerability that affects the React library used to build many web applications.
It affects all React applications that support React Server Components, and notably, according to Rapid7 researchers, server applications may also be vulnerable even if they do not explicitly implement any React Server Function endpoints but do support React Server Components.
Rapid7’s researchers added that many popular frameworks based on React, including Next.js, are affected by the issue.
Successfully exploited, an unauthenticated attacker could gain the ability to execute arbitrary code on an affected server. A weaponised proof-of-concept exploit is believed to have been shared.
“Organisations who use React or the affected downstream frameworks are urged to remediate this vulnerability on an urgent basis, outside of normal patch cycles and before broad exploitation begins,” said Rapid7’s team.
Responding to the Cloudflare outage, Mayur Upadhyaya, CEO of API monitoring and testing service APIContext, said: “When APIs and dashboards at this layer are impacted, the ripple effects are wide-reaching, not because of failure, but because of how much trust we place in these services to function smoothly behind the scenes.
“This isn’t about blame – all services hiccup. It’s a reminder that resilience isn’t just about uptime – it’s about graceful degradation, clear observability, and understanding dependencies. As complexity grows, continuous testing and real-time signals become key to supporting both providers and customers through high-pressure moments like this.”
Opportunity for threat actors
While the latest hiccup to befall Cloudflare’s services was the result of a change designed to address a security vulnerability and protect its customers, rather than a cyber attack on its services, the incident should still have defenders on alert, said ESET global cyber security advisor Jake Moore.
“We have seen multiple errors like this in recent months which have led to catastrophic downtimes for thousands of websites,” said Moore. “It therefore potentially offers up new opportunities to threat actors wanting to cause mass disruption.”
Cloudflare’s previous outage, which unfolded on Tuesday 18 November 2025, forced the company’s worst period of downtime since 2019, when a change to the web traffic management firm’s bot management system caused a larger-than-expected file feature configuration file to be spread across its network, causing widespread crashes. Such was the scale of this incident that Cloudflare’s response teams initially believed they were dealing with a massive distributed denial of service (DDoS) attack.
