LmCast :: Stay tuned in

Cloudflare misconfiguration behind recent BGP route leak

Recorded: Jan. 26, 2026, 9 p.m.


By Bill Toulas

January 26, 2026
12:50 PM

Cloudflare has shared more details about a recent 25-minute Border Gateway Protocol (BGP) route leak affecting IPv6 traffic, which caused measurable congestion, packet loss, and approximately 12 Gbps of dropped traffic.
BGP helps route data across different networks, called autonomous systems (AS), which send it to its destination through smaller networks on the internet.
The incident was caused by an accidental policy misconfiguration on a router and affected external networks beyond Cloudflare customers.

"During the incident on January 22, we caused a similar kind of route leak, in which we took routes from some of our peers and redistributed them in Miami to some of our peers and providers," reads the Cloudflare announcement.
"According to the route leak definitions in RFC7908, we caused a mixture of Type 3 and Type 4 route leaks on the Internet."

[Figure: Type 4 route leak diagram. Source: Cloudflare]
A BGP route leak occurs when an Autonomous System (AS) violates valley-free routing policies by incorrectly advertising routes learned from one peer or provider to another peer or provider.
As a result, traffic is sent through a network that was never intended to carry it. This often causes congestion, drops, or suboptimal paths. When firewall filters are used to accept traffic only from specific providers, the traffic is completely discarded.
Valley-free rules describe how routes are supposed to be propagated based on business relationships between networks. When they are violated, traffic is attracted, via longer or unstable paths, to networks that can't carry it and, as in this case, is dropped entirely.
Although such incidents primarily cause reliability issues, they do have a security dimension, as they can lead to unauthorized parties intercepting and analyzing traffic in BGP hijacking incidents.
Cloudflare explained that the root cause of the BGP route leak was a policy change intended to prevent Miami from advertising Bogotá IPv6 prefixes.
Removing specific prefix lists made the export policy overly permissive, allowing a route-type internal match to accept all internal (iBGP) IPv6 routes and export them externally.
"As a result, all IPv6 prefixes that Cloudflare redistributes internally across the backbone were accepted by this policy, and advertised to all our BGP neighbors in Miami," explained Cloudflare.

[Figure: Congestion volume (top) and dropped traffic (bottom). Source: Cloudflare]
Cloudflare detected the problem shortly after it appeared, and its engineers manually reverted the configuration and paused automation, stopping the impact within 25 minutes. The triggering code change was later reverted, and automation was safely re-enabled.
The internet giant says that this latest case is very similar to a July 2020 incident and has also listed measures to prevent such occurrences in the future.
The proposed measures include adding stricter community-based export safeguards, CI/CD checks for policy errors, improved early detection, validating RFC 9234, and promoting RPKI ASPA adoption.
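
A CI-style policy check of the kind listed among those measures, written here as an added example (it is not Cloudflare's code or configuration): it replays a simplified export policy over a constructed route table and reports which routes would leak to a peer or provider, labelled with the RFC 7908 type. The `Route`, `Term` and `find_leaks` names, the policy model and the documentation prefixes are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# RFC 7908 leak types keyed by (relationship the route was learned over,
# relationship of the neighbor it is exported to).
LEAK_TYPE = {("provider", "provider"): 1, ("peer", "peer"): 2,
             ("provider", "peer"): 3, ("peer", "provider"): 4}

@dataclass(frozen=True)
class Route:
    prefix: str
    learned_from: str  # "own", "customer", "peer" or "provider"
    route_type: str    # "internal" = received over iBGP on this router

@dataclass(frozen=True)
class Term:
    """One accept term of an export policy (simplified, hypothetical model)."""
    route_type: Optional[str] = None
    prefix_list: Optional[Tuple[str, ...]] = None  # None = no prefix restriction

    def accepts(self, route: Route) -> bool:
        if self.route_type and route.route_type != self.route_type:
            return False
        if self.prefix_list is None:
            return True
        net = ipaddress.ip_network(route.prefix)
        return any(net.subnet_of(ipaddress.ip_network(p)) for p in self.prefix_list)

def find_leaks(policy, rib, neighbor_role):
    """(prefix, RFC 7908 type) for each route the policy would leak to the neighbor."""
    leaks = []
    for route in rib:
        if any(term.accepts(route) for term in policy):
            leak = LEAK_TYPE.get((route.learned_from, neighbor_role))
            if leak:
                leaks.append((route.prefix, leak))
    return leaks

# Constructed test RIB (documentation prefixes), all carried over the backbone.
RIB = [
    Route("2001:db8:a::/48", "own", "internal"),
    Route("2001:db8:100::/48", "peer", "internal"),
    Route("2001:db8:200::/48", "provider", "internal"),
]
BEFORE = [Term(route_type="internal", prefix_list=("2001:db8:a::/48",))]
AFTER = [Term(route_type="internal")]  # prefix list removed: matches every iBGP route

if __name__ == "__main__":
    for name, policy in (("before", BEFORE), ("after", AFTER)):
        for role in ("peer", "provider"):
            print(name, role, find_leaks(policy, RIB, role))
```

Run against every proposed policy change, a non-empty result for a peer or provider neighbor would fail the pipeline before the change reaches a router.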


Bill Toulas
Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.


Cloudflare experienced a significant BGP route leak in early January 2026, stemming from an accidental misconfiguration within their router policies. This incident, mirroring a similar event in July 2020, highlighted vulnerabilities in how internet service providers and large networks manage route propagation, ultimately impacting external networks beyond Cloudflare’s immediate customers. The root cause was the removal of specific prefix lists, leading to an overly permissive export policy that inadvertently accepted all internal (iBGP) IPv6 routes and redistributed them externally. This resulted in significant congestion, packet loss, and approximately 12 Gbps of dropped traffic.

The leak was detected and contained within 25 minutes by Cloudflare’s engineering team, who manually reverted the configuration and paused automation. Moving forward, Cloudflare intends to implement several preventative measures, including introducing stricter, community-based export safeguards, enhanced CI/CD checks for policy errors, improved early detection mechanisms, validation of RFC 9234, and promotion of RPKI ASPA adoption. The incident underscored the potential security risks associated with BGP route leaks, where unauthorized parties could intercept and analyze traffic.

The event served as a critical reminder of the complex interdependencies within the global internet infrastructure and the importance of rigorous policy management, automation safeguards, and proactive monitoring to mitigate the impact of routing errors. Furthermore, the repeated occurrence of this type of vulnerability – directly mirroring the 2020 incident – underscored a systemic issue highlighting the need for industry-wide improvements in routing protocol governance and security practices. The ongoing commitment to adopting RPKI and promoting ASPA is viewed as a key component in bolstering overall network resilience and protecting against BGP hijacking attempts.