Route leak incident on January 22, 2026

On January 22, 2026, Cloudflare experienced a route leak incident stemming from an automated routing policy configuration error at their Miami data center, resulting in unintended BGP prefix leaks that affected both Cloudflare customers and external parties. The incident, lasting 25 minutes, caused congestion on Cloudflare's infrastructure and elevated latency due to IPv6 traffic being incorrectly routed through Miami, with some traffic discarded by firewall filters. The misconfiguration was attributed to a permissive policy change that inadvertently allowed internal routes to be advertised externally, violating the principles of BGP routing as defined in RFC7908. Cloudflare has acknowledged the mistake, apologized to those impacted, and outlined steps for improvements, including patching the routing policy failure, implementing BGP community-based safeguards, and integrating automatic policy evaluations into their CI/CD pipelines. They aim to enhance routing security further by validating equipment against RFC9234 and promoting the adoption of RPKI ASPA to prevent future route leaks.