Gcore - СЕРВИС | МЕСТОПОЛОЖЕНИЕ Подробности инцидента – Детали инцидента

Public RCA about the Incident:

Date: May 13, 2026 | Duration: 19:08 – 20:14 UTC (1 hour 6 minutes)

Summary

On May 13, 2026, from 19:08 to 20:14 UTC, part of Gcore's CDN service experienced a global disruption. CDN edges worldwide failed to process requests and returned HTTP 502 errors for a subset of client resources. The disruption affected gcore.com, the Customer Portal, public API endpoints, and CDN delivery on part of the infrastructure. 

Impact

• gcore.com and portal.gcore.com were unreachable.

• api.gcore.com returned 502 errors, affecting API-based operations across CDN, Cloud, DNS, Streaming, Storage, WAAP, and IAM services.

• SSO/SAML-based authentication to the portal was disrupted during and briefly after the window.

• Customers with CDN resources served through the affected infrastructure saw 502 errors for their end-user traffic.

Root Cause

This was a stacked-defect incident — three independent gaps in the CDN configuration pipeline combined to turn a single configuration change into a global edge failure. Any one of the three defects, had it been absent, would have prevented the outage.

1. API input validation gap: An internal origin routing field, originally intended as an admin-only configuration knob, lost its access restriction in a 2023 API rewrite and was later published in the public API documentation (March 2026) without specifying its allowed values. This allowed a non-standard value to be submitted and accepted via the API.

2. Configuration generation logic error: When the CDN configuration pipeline processed the resource with the non-standard value, a bug in the rule-level config generation silently dropped all origin servers — producing a configuration with an empty upstream list. 

3. Edge initialization crash: When a CDN edge node received a configuration with an empty upstream list, an edge-side script crashed during the initialization phase. Because the configuration file is global (shared across all resources on a node), this single malformed entry caused the entire node to fail initialization — returning HTTP 502 for all traffic, not just the affected resource. This crash propagated across all edge nodes on the affected infrastructure.

Timeline (UTC)

Resolution

Service was restored at 20:14 UTC by disabling the resource containing the malformed configuration. Engineers had been mitigating the impact since 19:42 UTC by routing critical control-plane services (API, portal) through alternative edge infrastructure.

Corrective Actions

We sincerely apologize for the disruption this caused. We are committed to completing the remaining fixes and implementing additional safeguards to prevent a similar configuration pipeline failure from causing a global impact in the future.

Мы рады сообщить вам, что крупный сбой в работе нашего веб-сайта, глобальной CDN-сети, доступа к API для всех сервисов и клиентского портала устранен. Однако, если у вас возникнут какие-либо проблемы, пожалуйста, не стесняйтесь обращаться в нашу службу поддержки. Наша команда с удовольствием поможет вам и обеспечит оперативное решение любых дальнейших вопросов.

Мы также предоставим подробный анализ первопричин (RCA), как только он станет доступен.

Мы ценим ваше терпение и понимание на протяжении всего инцидента и благодарим вас за сотрудничество.

Для получения дополнительной помощи, пожалуйста, свяжитесь с нашей службой поддержки по адресу support@gcore.com.

The issue has been resolved, and all services have fully recovered. We are continuing to monitor the situation to ensure stability. We apologise for the inconvenience.

We are recovering, and all services are up and running. CDN service has mostly recovered; however, it may still be partially unavailable for some users. We are continuing to monitor the situation and working on the fix.

Website and Customer Portal are up again. We are continuing to fix other services.

The API access has been recovered, and we are continuing to fix other services. We will keep you updated.