Cloudflare successfully restored its services after the second outage within three weeks briefly took down Cloudflare Dashboard and its associated APIs, shutting down several online services.
The problems began shortly after 9am GMT (4am EST) and users were unable to access sites such as Canva, Coinbase, LinkedIn, SubStack, X, Zoom and, again, the DownDetector service that many rely on to monitor network outages.
At the time of writing, the issue has been fully resolved and the Cloudflare status page reported the normal operation of its global network.
A spokesperson told Computer Weekly that a change in how Cloudflare's web application firewall parses requests impacted network availability for about 25 minutes.
“This was not an attack – the change was implemented by our team to help mitigate an industry-wide vulnerability discovered this week. in React server components“, they said.
The vulnerability in question was tracked as CVE-2025-55182, although it was also assigned the duplicate ID CVE-2025-66478. Some people call it React2Shell. This is a critical remote code execution (RCE) vulnerability that affects the React library used to build many web applications.
This affects all React applications that support React server components, and in particular according to Rapid7 researchersServer-side applications can also be vulnerable even if they do not explicitly implement any React server-side functionality endpoints but do support React server-side components.
Rapid7 researchers added that many popular React-based frameworks, including Next.js, are affected by this issue.
A successful exploit could allow an unauthenticated attacker to execute arbitrary code on the infected server. It is believed that an experimental weaponized exploit has been distributed.
“Organizations using React or affected downstream platforms are strongly encouraged to resolve this vulnerability as a matter of urgency, outside of normal patch cycles and before widespread use begins,” the Rapid7 team said.
Responding to the Cloudflare outage, Mayur Upadhyaya, CEO of API Monitoring and Testing APIContextsaid: “When it impacts APIs and dashboards at this level, the ripple effects become widespread, and not because of the failure, but because of how much we trust these services to run smoothly behind the scenes.
“This isn't about blame – all services fail. It's a reminder that resilience isn't just about uptime – it's about graceful degradation, clear observability and understanding dependencies. As complexity increases, continuous testing and real-time signals become key to supporting both suppliers and customers through these challenging times.”
Opportunity for Threat Actors
While Cloudflare's latest service outage was the result of a change aimed at addressing security vulnerabilities and customer protection rather than a cyberattack on the services, the incident should still put defenders on alert, the company said. ESET Global Cybersecurity Advisor Jake Moore.
“We have seen many similar errors in recent months that have caused catastrophic downtime for thousands of websites,” Moore said. “So this potentially opens up new opportunities for threat actors looking to cause civil unrest.”
Cloudflare's previous outage, which occurred on Tuesday, November 18, 2025, forced the company worst downtime since 2019when a change in a web traffic management company's bot management system caused a larger-than-expected file function configuration file to be distributed across the network, causing widespread outages. The scale of this incident was so large that Cloudflare's response teams initially believed they were dealing with a massive distributed denial of service (DDoS) attack.
