During the same window, Downdetector saw a spike in problem reports for enterprise services including Shopify, Zoom, Claude AI, and Amazon Web Services, and a host of consumer services from games to dating apps.
Cloudflare explained the outage on its service status page: “A change made to how Cloudflare’s Web Application Firewall parses requests caused Cloudflare’s network to be unavailable for several minutes this morning. This was not an attack; the change was deployed by our team to help mitigate the industry-wide vulnerability disclosed this week in React Server Components.”
That vulnerability, tracked as CVE-2025-55182, enables attackers to remotely execute code on web servers running the React 19 library. Cloudflare was no doubt attempting to protect those of its customers who have not yet had an opportunity to patch the vulnerability in the two days since it was revealed.
