Gcore - SERVICE | STANDORT Vorfalldetails – Details zu Vorfällen

Public RCA about the Incident:

Date: May 13, 2026 | Duration: 19:08 – 20:14 UTC (1 hour 6 minutes)

Summary

On May 13, 2026, from 19:08 to 20:14 UTC, part of Gcore's CDN service experienced a global disruption. CDN edges worldwide failed to process requests and returned HTTP 502 errors for a subset of client resources. The disruption affected gcore.com, the Customer Portal, public API endpoints, and CDN delivery on part of the infrastructure. 

Impact

• gcore.com and portal.gcore.com were unreachable.

• api.gcore.com returned 502 errors, affecting API-based operations across CDN, Cloud, DNS, Streaming, Storage, WAAP, and IAM services.

• SSO/SAML-based authentication to the portal was disrupted during and briefly after the window.

• Customers with CDN resources served through the affected infrastructure saw 502 errors for their end-user traffic.

Root Cause

This was a stacked-defect incident — three independent gaps in the CDN configuration pipeline combined to turn a single configuration change into a global edge failure. Any one of the three defects, had it been absent, would have prevented the outage.

1. API input validation gap: An internal origin routing field, originally intended as an admin-only configuration knob, lost its access restriction in a 2023 API rewrite and was later published in the public API documentation (March 2026) without specifying its allowed values. This allowed a non-standard value to be submitted and accepted via the API.

2. Configuration generation logic error: When the CDN configuration pipeline processed the resource with the non-standard value, a bug in the rule-level config generation silently dropped all origin servers — producing a configuration with an empty upstream list. 

3. Edge initialization crash: When a CDN edge node received a configuration with an empty upstream list, an edge-side script crashed during the initialization phase. Because the configuration file is global (shared across all resources on a node), this single malformed entry caused the entire node to fail initialization — returning HTTP 502 for all traffic, not just the affected resource. This crash propagated across all edge nodes on the affected infrastructure.

Timeline (UTC)

Resolution

Service was restored at 20:14 UTC by disabling the resource containing the malformed configuration. Engineers had been mitigating the impact since 19:42 UTC by routing critical control-plane services (API, portal) through alternative edge infrastructure.

Corrective Actions

We sincerely apologize for the disruption this caused. We are committed to completing the remaining fixes and implementing additional safeguards to prevent a similar configuration pipeline failure from causing a global impact in the future.

Wir freuen uns, Ihnen mitteilen zu können, dass die größere Störung unserer Website, der globalen CDN-Auslieferung, des API-Zugriffs für alle Dienste und des Kundenportals behoben wurde. Sollten Sie dennoch weiterhin Probleme haben, zögern Sie bitte nicht, unser Support-Team zu kontaktieren. Wir helfen Ihnen gerne weiter und kümmern uns umgehend um Ihre Anliegen.

Sobald eine detaillierte Ursachenanalyse (Root Cause Analysis, RCA) vorliegt, werden wir diese ebenfalls bereitstellen.

Wir wissen Ihre Geduld und Ihr Verständnis während dieses Vorfalls zu schätzen und danken Ihnen für Ihre Kooperation.

Für weitere Unterstützung kontaktieren Sie bitte unser Support-Team unter support@gcore.com.

The issue has been resolved, and all services have fully recovered. We are continuing to monitor the situation to ensure stability. We apologise for the inconvenience.

We are recovering, and all services are up and running. CDN service has mostly recovered; however, it may still be partially unavailable for some users. We are continuing to monitor the situation and working on the fix.

Website and Customer Portal are up again. We are continuing to fix other services.

The API access has been recovered, and we are continuing to fix other services. We will keep you updated.