A widespread internet disruption linked to a degradation in Cloudflare’s global infrastructure left more than 35,000 users unable to reach X on Monday morning, June 22, 2026, while also causing severe access problems for Microsoft Teams, Zoom, Reddit, Robinhood, Canva, and dozens of other major platforms. The incident, which began early in the European morning and quickly spread across North America and Asia, exposed the brittle underbelly of an internet that funnels an ever-growing share of its traffic through a handful of backbone providers.
Outage monitoring services such as DownDetector registered a sharp spike in complaints for X starting at around 09:15 UTC, with the volume of reports topping 35,000 within the first hour. Users saw blank pages, persistent loading spinners, or TLS/SSL errors when trying to load the social network. Simultaneously, Microsoft Teams users flooded IT help desks with reports of stalled chats, failed meeting joins, and repeated login loops. Zoom participants were kicked out of active videoconferences; many discovered that the desktop client could not reconnect even after multiple restarts. Financial-trading app Robinhood became unreachable, prompting panic among retail investors who were unable to execute trades during a volatile pre-market session. Even design platform Canva and discussion mega-site Reddit were knocked partially or fully offline.
Cloudflare, a content-delivery network and domain-name system provider that sits in front of roughly 20% of the web’s most popular sites, confirmed the incident via its status page—though the initial advisory, posted at 09:28 UTC, was characteristically terse. “We are investigating a widespread performance degradation affecting multiple services and regions,” the message read. No root-cause detail was offered at that stage, but engineers familiar with Cloudflare’s architecture noted that similar events often stem from a cascading failure in the company’s anycast routing, an overloaded control plane, or a subtle software bug that corrupts the TLS handshake for tens of thousands of edge nodes.
Timeline of the disruption
Monday’s degradation did not follow the classic pattern of a single-point explosion. Instead, users in different countries began feeling the impact in waves, suggesting a slowly spreading internal fault rather than an instantaneous fibre cut or power loss. By 08:45 UTC, visitors to Reddit’s r/sysadmin were already posting cryptic messages about failing SSL termination. At 09:05 UTC, the first Teams-related tickets landed in corporate service desks. At 09:15 UTC, DownDetector’s heat map showed the outage centre of mass shifting from Amsterdam to London and then to New York, mirroring the sun’s path across time zones. At 09:28 UTC, Cloudflare acknowledged the issue publicly. For the next 95 minutes, the situation seesawed: some services recovered for a few minutes only to collapse again. Teams users in particular reported a “flapping” state where the client would show green status but fail to deliver any messages.
It was not until 11:03 UTC that Cloudflare posted an update stating the degradation had been “identified and a fix is being implemented.” But even that milestone brought only partial relief. Zoom, which had moved much of its real-time signalling to an in-house mesh after earlier Cloudflare incidents, was restored faster than most. X, which relies heavily on Cloudflare’s caching and DDoS-protection layers, remained spotty for another forty minutes. By 12:30 UTC, the majority of services appeared stable, and at 13:15 UTC Cloudflare declared the incident resolved, promising a detailed post-mortem within 72 hours.
Which services were hit hardest?
X (formerly Twitter). With more than 35,000 individual complaints on DownDetector alone, X was the most visible victim. Users reported that the platform would load intermittently, often displaying a “This page isn’t working” HTTP 502 error. For a social network that has become a real-time news wire for journalists, governments, and emergency services, the outage was more than an inconvenience—it severed a critical communication link for areas still recovering from weekend storms in the U.S. Midwest.
Microsoft Teams. The collaboration hub of 320 million monthly active users became a digital paperweight. Meetings scheduled for the Monday morning stand-up in Europe and the U.S. East Coast were disrupted; participants found themselves stuck in a “Connecting…” loop. The Microsoft 365 admin dashboard lit up with MO… alerts, and the official Microsoft support account directed affected organisations to the Teams Service Health Dashboard, which itself was partially hosted behind Cloudflare and therefore also sluggish. IT professionals took to LinkedIn to share workarounds, including switching to Slack, Discord, or even old-fashioned phone bridges.
Zoom. While Zoom’s audio-video pipe is designed to switch paths if one datacenter fails, the initial client-login process depends on Cloudflare for DNS resolution and API authentication. Users already logged in and in-call were often unaware of the trouble, but anyone who tried to start or join a meeting after 09:00 UTC hit an error message that read, “Cannot connect to the Zoom server. Please check your network connection and try again.”
Robinhood. The brokerage’s mobile and web apps both failed to display user portfolios, and order-placement attempts returned generic “Something went wrong” errors. The timing—half an hour before the U.S. market open—magnified the damage. Crypto traders were similarly affected because Robinhood Crypto routes through the same infrastructure.
Reddit and Canva. Reddit’s front page loaded partially, but any attempt to open a thread or post a comment resulted in a 500-series error. Canva’s image-rendering microservices, which rely on Cloudflare’s caching to deliver fast previews, fell back to slow origin fetches, making the design tool unusably sluggish for the duration of the incident.
The Cloudflare dependency chain
To understand how a single company’s blip can topple so many household names, it helps to unpeel the layers of modern internet plumbing. Cloudflare operates a reverse-proxy network that sits between end users and origin servers. When you type “x.com” into a browser, the request goes to a nearby Cloudflare edge node, which either serves cached content or forwards the request to the site’s own hosting infrastructure. On the way back, that node encrypts the response with a TLS certificate that is valid only because Cloudflare manages millions of certificates on behalf of its customers.
On Monday, three distinct mechanisms broke almost simultaneously:
- DNS Resolution. Cloudflare’s authoritative DNS servers, which answer queries for thousands of domains, began returning SERVFAIL errors for a subset of requests. This meant that the initial step—translating a domain name into an IP address—simply failed. Users saw “Server not found” messages in their browsers.
- Edge Proxy Connectivity. For requests that did resolve, the edge proxy layer suffered from degraded throughput. Traffic that should have been handled in milliseconds was timing out after tens of seconds, triggering the 502 Bad Gateway errors that users of X and Canva saw.
- TLS Certificate Validation. A crucial internal service that checks the validity of SSL/TLS certificates before establishing a secure connection became overloaded, causing browsers to report that a site’s certificate had expired or was invalid—even though the certificate itself was perfectly fine. This confusion generated a flood of retries that further burdened the already-wobbling edge.
Because Cloudflare’s edge nodes in different cities share state information through a global control plane, a fault in one region can propagate rapidly. The company designs the system to “fail closed”—to stop serving traffic rather than serve corrupted data—which is why so many sites displayed clean error pages instead of scrambled content. But for the millions of users trying to work, trade, or communicate, the experience was indistinguishable from a total outage.
Enterprise impact and IT incident response
The incident tested the resilience plans of organisations that had standardised on Microsoft 365 and Zoom as their primary communication stacks. Several Fortune 500 companies invoked their business-continuity playbooks, redirecting employees to backup channels such as SMS-based alerting systems, carrier pigeons in the form of WhatsApp groups, and good old-fashioned conference bridges hosted by telecom providers who didn’t rely on Cloudflare. IT service desk volumes tripled industry-wide, and platforms like ServiceNow saw a surge in ticket creation that threatened their own stability.
A Microsoft Teams administrator at a large European bank, speaking on condition of anonymity because they were not authorised to speak to the press, said: “The first ten minutes were chaos because the Teams admin centre was also unreachable. We couldn’t even open a severity-1 ticket with Microsoft because our own network depended on Cloudflare for DNS. Eventually we switched to a secondary DNS provider we had configured but never really tested, and services started trickling back.” That experience underscores a hard-won lesson: organisations that had practiced DNS-provider failovers regularly recovered faster than those that assumed Cloudflare’s 100% uptime SLAs would never be tested.
What Cloudflare has said—and what’s still unknown
Cloudflare’s initial incident report, posted to its blog a few hours after resolution, confirmed that a configuration change intended to optimise TLS handshake performance for a new set of edge locations had triggered an unexpected feedback loop in the global certificate-verification subsystem. The company reverted the change, and services returned to normal. “We deeply apologise for the disruption,” the post read. “Our engineering teams are conducting a thorough investigation and will publish a full post-mortem with concrete steps to prevent recurrence.”
Missing from that early statement was any detail about why the change had passed through a multi-stage testing pipeline without catching the flaw. Industry analysts pointed out that Cloudflare, like many large-scale ops teams, deploys thousands of configuration updates per day through automated CI/CD pipelines. The likelihood of a latent bug slipping through increases with the complexity of the system, and as Cloudflare expands its edge footprint to more than 310 cities, the combinatorial risk grows non-linearly.
Independent security researcher June Hendriks speculated that the incident might become a textbook case for “shifting left” in network operations. “When your canary deployments are so small that they don’t expose the cascade potential, you’re effectively flying blind for global side-effects,” she wrote on her blog. “My guess is that the feedback loop only triggered when the configuration reached a critical mass of edge nodes, which didn’t happen during staging or regional purple-deploy tests.” Until the full post-mortem is published, that will remain an informed guess.
Lessons for Windows users and IT professionals
For the millions of Windows users who found themselves locked out of Teams and unable to join scheduled meetings, the incident was a frustrating reminder of how deeply cloud dependence has woven itself into the fabric of daily work. Yet the event also highlighted several practical steps that individuals and organisations can take to blunt the impact of future outages:
- Diversify DNS resolvers. Many corporate networks use Cloudflare’s 1.1.1.1 or Microsoft’s own resolvers. Having a pre-configured backup resolver from a different provider—such as Google Public DNS or Quad9—can quickly restore connectivity when the primary fails.
- Test secondary communication channels before you need them. The organisations that recovered fastest were those that had already run drills switching from Teams to Slack, or from Zoom to Webex, and had published simple one-page instructions for end users.
- Monitor vendor status pages proactively. IT departments that use synthetic monitoring tools were alerted to the degradation several minutes before Cloudflare’s public post, giving them a head start on failover. Even a free tool like Uptime Robot can provide early warning.
- Keep offline alternatives for critical workflows. For traders unable to reach Robinhood, the outage was financially damaging. Brokerages that offered both an app and a telephone-based trading desk saw less client fury. Similarly, having an old-school phone bridge number stored in a shared document can save a critical sales call when video conferencing goes dark.
The bigger picture: concentreation risk in the internet stack
Monday’s degradation is far from an isolated event. The internet has been consolidating around a small handful of CDN and cloud providers for more than a decade. When one of them sneezes, the web catches a cold. In 2021, a Fastly outage took down Reddit, Amazon, and CNN. In 2022, a Cloudflare DNS misconfiguration caused a similar ripple. Each time, the post-mortems promise better guardrails, but the underlying architecture—where a single company can toggle the reachability of 20% of the web—remains unchanged.
Regulators have taken notice. The European Union’s proposed Digital Infrastructure Resilience Act would require large-scale CDN and cloud providers to perform regular stress tests and submit to mandatory incident reporting with faster timelines. If Monday’s event accelerates that legislation, it could force providers like Cloudflare to invest even more heavily in out-of-band control planes and isolated failure domains.
For now, the internet is back to normal. X is churning with conspiracy theories about the outage’s cause, Teams meetings are humming along, and Robinhood users have returned to chasing meme stocks. But the next time a configuration change goes sideways in a data centre halfway around the world, millions of Windows users will once again look at a spinning wheel and wonder why the tools they rely on have become so fragile. Cloudflare’s eventual post-mortem will reveal whether this incident was a rare perfect storm or a harbinger of more frequent, cascading failures in an increasingly concentrated digital ecosystem.