Cloudflare Outage Knocks Out BYOIP Services for Six Hours

On February 20, 2026, Cloudflare experienced a service outage lasting six hours and seven minutes, beginning at 17:48 UTC. The disruption affected customers using the company’s Bring Your Own IP (BYOIP) service, a feature that allows businesses to advertise their own IP address ranges through Cloudflare’s global network using Border Gateway Protocol (BGP).

The cause was an internal software bug introduced during a routine code deployment. A newly automated cleanup task was designed to remove BYOIP prefixes that customers had requested to delete. A flaw in the API query caused the system to return all active BYOIP prefixes instead of only those marked for removal. The system then treated every returned prefix as a candidate for deletion, triggering mass withdrawals of customer IP routes from the internet.

By 17:56 UTC, prefix withdrawals had begun propagating across Cloudflare’s network. Out of approximately 6,500 total prefixes advertised globally, around 1,100 were unintentionally withdrawn. This represented 25 percent of Cloudflare’s total BYOIP prefixes. The withdrawal meant that internet traffic could no longer find a valid route to the affected services, causing connection timeouts and failures for end users.

Several Cloudflare services were affected. Core CDN and security services failed to attract traffic, making websites hosted on withdrawn ranges unreachable. Spectrum applications could not proxy traffic. Dedicated Egress customers lost the ability to route outbound traffic. Magic Transit customers experienced connection failures. The website for Cloudflare’s public DNS resolver, 1.1.1.1, returned HTTP 403 errors with an Edge IP Restricted message, though the DNS resolver itself continued to function normally.

Users across multiple platforms reported disruptions. Reports on DownDetector peaked at fewer than 500, far below the approximately 11,000 reports recorded during Cloudflare’s November 2025 outage. Services affected by the February outage included UberEats, sports betting platform Bet365, and Valve’s Steam gaming service.

Recovery was complex because different customer prefixes were in different states of damage. Some customers had only their prefixes withdrawn and could restore service by toggling advertisement settings in the Cloudflare dashboard. Others had prefixes withdrawn alongside partial or complete removal of service bindings, the configuration links that connect BYOIP prefixes to Cloudflare products. Customers in this third category could not self-remediate and required direct intervention by Cloudflare engineers.

At 18:46 UTC, a Cloudflare engineer identified and terminated the broken automated process. Restoration began in stages. By 20:30 UTC, engineers had restored approximately 800 prefixes that still had intact service bindings. A global configuration rollout began at 21:08 UTC to address remaining prefixes. The last affected prefixes were fully restored at 23:03 UTC, marking the end of the incident.

The bug originated from how the API handled a query parameter. The cleanup task sent a request with the parameter pending_delete set to an empty value. The API server was coded to trigger a specific deletion workflow only when that parameter contained a non-empty string. Because the value was empty, the server ignored the intended workflow and returned all BYOIP prefixes instead. The task misread this response as a list of prefixes to be deleted.

The code was merged into the system on February 5, 2026, and deployed to production on February 20, fifteen days later. The incident occurred during Cloudflare’s internal initiative known as Code Orange: Fail Small, which aims to replace risky manual processes with automated, health-monitored deployments. The outage took place while those safeguards were still being built, before they were fully operational in production.

Cloudflare has identified several technical changes to prevent recurrence. The company plans to standardize its API schema to prevent flag interpretation errors of the kind that caused this incident. It will introduce circuit breakers to detect and halt abnormally fast or broad BGP prefix changes before they cause widespread impact. A new snapshot system will allow operational configurations to be rolled back rapidly to a known-good state in the event of a future database error.