Cloudflare: Last night's outage was not caused by a cyberattack, but rather by a chain reaction triggered by changes to database system permissions.

Jinse Finance reported that Cloudflare has officially released a detailed post-incident report on the global network outage that occurred on November 18, 2025. The report indicates that the outage began at 11:20 UTC and was not caused by a cyberattack, but rather by a chain reaction triggered by a change in database system permissions. Specifically, a change in ClickHouse database query behavior caused the Bot Management System's signature configuration file to increase abnormally in size, exceeding the preset memory allocation limit and triggering a system crash. The report provides a detailed account of the impact on core services such as CDN, Turnstile, and Workers KV during the incident, as well as a complete timeline of the outage response from 11:28 to 17:06. The Cloudflare team resolved the issue by halting the propagation of the misconfiguration and rolling back to a stable version. Cloudflare CEO Matthew Prince acknowledged in the report that this was the company's most severe outage since 2019 and committed to strengthening configuration file validation, adding global feature switches, and optimizing error handling mechanisms to prevent similar incidents in the future.