Nexcess Outage History

Multiple cloud hosts in Nexcess's US-Midwest-1 region experienced a major outage caused by a DDoS attack, lasting approximately 23.4 hours. The incident affected all servers in the region, causing service disruptions for customers hosted in that location. Network engineers successfully mitigated the DDoS attack and applied fixes to restore normal operations across all affected servers.

Nexcess identified a potential "PolyShell" unrestricted file upload vulnerability affecting Magento and Adobe Commerce platforms in their managed environment. The security issue impacted their platform updates and other components for 6.2 hours while teams assessed potential exposure across customer sites. The incident was resolved by implementing measures to prohibit execution of files that could exploit this vulnerability across their entire managed fleet.

The ClamAV service experienced disruption due to a problematic signature update that caused clamd restart failures. This affected Maldet scans and potentially caused mail delivery failures when the ClamAV service was not running. The issue was resolved by the System Engineering team within 12 minutes.

Nexcess experienced a service interruption affecting four specific cloud host servers in their US-Midwest-2 data center for 5.6 hours. The engineering team identified the root cause and implemented a resolution to restore normal service operations. All affected servers are now operating normally.

Nexcess experienced a connectivity issue affecting servers in the UK South 2 region and internal DNS resolvers, causing DNS resolution failures, slow site responses, and connectivity problems with containers and APIs on customer sites. The incident lasted 97.4 hours with intermittent connectivity latency throughout the outage period. Engineering and networking teams implemented fixes and mitigation measures to address elevated traffic levels, successfully stabilizing the environment with all systems returning to normal operation.

Nexcess experienced a service disruption affecting a subset of Cloudhosts on a KVM node across multiple regions including us-midwest-1, us-west-1, uk-south-2, nl-west-1, and au-south-1. The issue impacted the availability and functionality of affected cloud hosting services for customers in these regions. The problem was resolved within 11 minutes, with all Cloudhosts restored to normal operation.

Nexcess identified a critical vulnerability (CVE-2026-27384) in the WordPress W3 Total Cache plugin affecting versions 2.9.1 and older, which required immediate patching to version 2.9.2. The Nexcess team applied patches across all managed systems where possible, but some sites couldn't be updated due to WordPress or PHP version compatibility constraints. The incident was resolved after 84 hours once all viable patches were deployed and affected clients with compatibility issues were contacted directly with upgrade recommendations.

A network error caused degraded performance for a subset of Elasticsearch containers in Nexcess's us-midwest-2 region. The issue affected Elasticsearch container operations and lasted 5.2 hours. The team identified the root cause, implemented a fix, and confirmed sustained stability before marking the incident resolved.

Nexcess experienced a major network/server issue affecting multiple cloud hosts in their US-Midwest-2 region for 2.1 hours. The incident impacted cloud hosting services and required active investigation by the engineering team to identify the root cause. All affected services were restored to normal operation, with continued monitoring to ensure stability.

The Acronis Cyber Protect Cloud service in the USA (US5) data center experienced degraded performance for 27.5 hours, preventing some customers from accessing Acronis Web Restore, Cyber Protection Console, and Management Console. The issue recurred after an initial fix was implemented, requiring additional corrective measures from the Acronis Cloud team. The incident was ultimately resolved with sustained monitoring to ensure platform stability.