Customer Services
Fastly will be performing scheduled maintenance on the Fastly Support portal on March 18, 2026, from 14:00 to 18:00 UTC (240 minutes).
What to expect
During this 4-hour window, the Support Portal will be offline. Attempting to log in during this time will result in an error.
No action is required on your part. This maintenance is fully managed by our team.
How to reach support
While the portal is down, our Support team remains fully staffed and available. We do not anticipate any negative impact on our support response times or SLAs.
If you need assistance during the maintenance window, please use our alternative channels:
Email: support@fastly.com
Chat: Available through your standard Support Chat channels.
Community: Visit our Fastly Community for answers to common questions and the latest updates.
The scheduled maintenance has been completed.
To offer feedback on our status page, click "Give Feedback"
We have released an update to the Fastly status page that introduces private notifications for security maintenance and incidents. To access these private components and their detailed alerts, you may sign into www.fastlystatus.com using your existing manage.fastly.com credentials.
As applicable, private component status updates will automatically route to your provide #fastly-{{customer}} support chat channel without any further action being required by our customers. Support teams can help you unsubscribe at the support chat channel level should you wish to be omitted from these notifications.
For full details on how this works and what it means for your workflow, read our blog post: Enhancing security and transparency.We are scheduling updates to the Fastly status page for February 24, 2026 to enable private notifications for security maintenance and incidents.
This update will not change your current support experience. You will continue to receive alerts in your #fastly-(customer) Slack channel without interruption.
If you are interested in learning more, our support and account teams have an FAQ available regarding these upcoming changes. We will also release a blog post and update our status page documentation following the conclusion of this maintenance.
The scheduled maintenance has been completed.
We're currently investigating performance issues with our Fastly Docs, docs.fastly.com webpage.
Our Network availability and our ability to deliver on all other products and services are unaffected by this event.
We are investigating elevated errors when users attempt to access our Support Ticketing System. This does not impact Fastly's ability to provide support our customers.
Our core delivery services and network are fully operational.
All other products and services are unaffected by this incident.
Our engineers believe they have identified contributing factor causing the issue impacting the Support Ticketing System status page component.
We are now developing a fix, and will post a new update once it has been fully implemented and we see signs of recovery.
All other products and services are unaffected by this incident.
Engineering has confirmed the impact to our Support Ticketing System
has been mitigated.
Our engineers have identified an additional contributing factor and are developing an adjusted mitigation strategy to our Support Ticketing System.
All other locations and services are unaffected.
Engineering has confirmed that our Support Ticketing System has been fully restored. Customers may have experienced issues logging into the Fastly Support Portal from January 10th, 2026, 00:38 to January 15th, 2026, 18:27 UTC.
This incident is resolved.
To offer feedback on our status page, click "Give Feedback"
Status Post, Created Date/Time: 2026-01-15 19:02:00 UTC
Note: Our Customer Escalation Management team will update the start date and time of the initial "investigating" status post upon the resolution of this incident. This update is meant to provide our customers and their end users with a potential impact window. The date and time mentioned in the message above indicates when the status post was requested by our Acute Incident Response team.
The Fastly Security Team, in coordination with Vercel, AWS, Next.js, and Meta, are issuing this urgent security advisory regarding a newly discovered, critical vulnerability in the React framework. The Next.js CVE-2025-66478 and React CVE-2025-55182 were published today, the 3rd of December 2025 at 15:54 UTC.
What Happened
On the 1st of December 2025, Vercel notified Fastly of a critical-severity unauthenticated Remote Code Execution (RCE) vulnerability that was responsibly disclosed to Meta, affecting React’s “Server Function" protocol.
The vulnerability impacts applications utilizing React Server Components (RSC) functionality via the following common frameworks/plugins:
- Next.js versions 15 and 16 (when using App Router)
- React Router RSC preview
- Parcel RSC plugin
- Vite RSC plugin
As of this notification, Fastly does not have knowledge or evidence of this vulnerability being exploited in the wild.
However, some customers running workloads using Fastly Compute, specifically those using the affected React versions and RSC implementations listed above, may be at risk. We encourage all Compute customers to refer to the identification and mitigation steps described in the next section.
What You Can Do
Next-Gen WAF (NGWAF)
To mitigate risk for your applications protected by NGWAF, we recommend that you immediately apply the Virtual Patch for CVE-2025-66478 (which also addresses CVE-2025-55182) to all Edge and On-prem services that may be vulnerable. The detection content within this CVE-specific Templated Rule looks for specific patterns within request headers and POST bodies that may indicate potential exploitation attempts of this CVE. Fastly’s Security Research team developed and tested this content in close collaboration with Vercel and AWS.
Compute
To mitigate risk for Compute Services, we recommend that you take the following steps:
Inventory and Identification: Identify all applications within your environment that are using the affected React versions (19.0, 19.1, and 19.2) in conjunction with any of the listed RSC implementations:
- Next.js 15, 15.1, 15.2, 15.3, 15.4, 15.5, 16
- App Router
- React Router RSC preview
- Parcel RSC plugin
- Vite RSC plugin.
One method for identification is to perform a targeted search across your codebase for the relevant package dependencies in the package.json file. Efficient methods include:
- GitHub/Code Search: Use tools like GitHub's code search functionality.
- Command-Line Tools: Use grep or similar tools for local/private repositories.
Patching and Deployment: The affected React versions are 19.0, 19.1, and 19.2. Immediately deploy the official, stable patched versions released today, the 3rd of December 2025. The React 19 patch will be published for 19.2. The affected Next.js versions are 15 through 16, and patches will be published for versions 15, 15.1, 15.2, 15.3, 15.4, 15.5, and 16.
What We Did Immediately
Fastly initiated an internal investigation for our core platform infrastructure and has found no indication that we are directly vulnerable as of the date of this advisory. This includes our Compute platform itself; as described earlier, due to Compute’s sandboxed architecture, any apps that are not vulnerable to this bug will be protected even if neighboring apps are malicious or compromised.
In close partnership with Vercel, AWS, and Meta, our security research team began developing NGWAF content ahead of disclosure to provide protection for our customers as soon as the patch is applied. Fastly is currently investigating additional ways we can detect and block attack traffic as a result of this announced vulnerability. We will continue to develop and refine relevant NGWAF content as we observe exploitation attempts.
Customers with any questions or concerns may engage with our Support team through https://support.fastly.com or by contacting your designated account management team members.
Following further investigation and evaluation of the React2Shell vulnerability, and in response to widespread exploitation attempts, Fastly is implementing a default block for requests matching the attack signatures within NGWAF.
This action provides our NGWAF customers with enhanced defence against this emerging and urgent threat. No action is required on your part to benefit from this added protection.
We continue to encourage all customers to update any affected applications as soon as possible.
Customers with any questions or concerns may engage with our Support team through https://support.fastly.com or by contacting your designated account management team members.
On the 11th of December 2025 CVE-2025-55184 and CVE-2025-55183 were published; unlike React2Shell, these vulnerabilities do not allow for Remote Code Execution.
CVE-2025-55184 facilitates a Denial of Service in which an attacker can force a vulnerable application server into an infinite loop by crafting a specific request.
CVE-2025-55183 facilitates a leak of React Server Function source code. This CVE is likely not a high impact for you unless you are using React Server Components and have sensitive or proprietary information contained in React Server Function source code.
What We Did Immediately
After receiving initial information from Vercel and Meta about CVE-2025-55184 and CVE-2025-55183, Fastly developed and deployed a Virtual Patch for each CVE in blocking mode by default for all Fastly NGWAF customers out of an abundance of caution. If you wish to disable this virtual patch, please refer to our documentation.
We continue to encourage all customers to update any affected applications as soon as possible.
Customers with any questions or concerns may engage with our Support team through https://support.fastly.com or by contacting your designated account management team members.
CVE-2025-67779: Complete DoS Fix
The fix addressing CVE-2025-55184 in React Server Components was incomplete and did not fully prevent DoS attacks in all payload types. CVE-2025-67779 addresses those additional payload types.
The Fastly NGWAF already covers this addendum CVE with our existing detection of CVE-2025-55184. We recommend upgrading any React and Next.js apps to patch this issue as well.
We continue to encourage all customers to update any affected applications as soon as possible.
Customers with any questions or concerns may engage with our Support team through https://support.fastly.com or by contacting your designated account management team members.
We are seeing a possible error or delay in message propagation within our Support Chat Systems, caused by a third party service provider issue. The provider has shared information on their status page.
Our ability to provide support through support@fastly.com is unaffected by this incident, if you are experiencing delayed responses in your dedicated support chat channel, please switch to email methods to ensure prompt response by our support team. Network and Security products remain unaffected by this third party provider event, and services continue to be delivered to our customers.
We will continue to monitor the providers status page and report once Support Chat Systems are no longer at risk of impact.
We are seeing a possible error or delay in message propagation within our Support Chat Systems, caused by a third party service provider issue. The provider has shared information on their status page.
Our ability to provide support through support@fastly.com is unaffected by this incident, if you are experiencing delayed responses in your dedicated support chat channel, please switch to email methods to ensure prompt response by our support team. Network and Security products remain unaffected by this third party provider event, and services continue to be delivered to our customers.
We will continue to monitor the providers status page and report once Support Chat Systems are no longer at risk of impact.
Our third party service provider has confirmed that mitigations have been deployed and they are monitoring for any further impact to Support Chat Services.
We will continue to monitor until they have confirmed all services have been fully restored.
Our ability to deliver all other services remains unaffected by the third party providers incident.
We are issuing an urgent advisory regarding an incompatibility between Compute services and the newly released Rust version 1.91.
Action Required
We strongly recommend that you DO NOT upgrade to Rust version 1.91 at this time.
What Happened
We first identified this incompatibility in our testing environment on the 30th of October 2025, and have since confirmed the same Compute crash behavior in our production environment.
Incompatible Version: Rust 1.91
Compatible Version: Rust 1.90 and below (Previous Stable Versions)
Impact: Using Rust 1.91 with Compute may lead to crash behavior, which will impact your traffic on Fastly.
What’s next? What do I have to do?
If you have already upgraded your services to Rust version 1.91, you must immediately downgrade to the previous stable and compatible version, Rust version 1.90, to prevent or resolve any impact to your traffic.
We are actively working on a fix to ensure compatibility with Rust version 1.91 and will provide an update as soon as a fix is available. Thank you for your patience and understanding.
Customers with any questions or concerns may engage with our Support team through https://support.fastly.com or by contacting your designated account management team members.
The Fastly status page https://fastlystatus.com is currently unavailable. Our vendor has advised that the issue is related to an ongoing incident with Azure Portal and they are working to fully restore https://fastlystatus.com . As a temporary workaround our vendor has shifted our status page to https://fastly.status.page .
All other Fastly services are unaffected by this event.