Fluid Attacks incident

Fluid Attacks DB portal unavailable

Critical Resolved View vendor source →
Started
Mar 09, 2026, 03:30 PM UTC
Resolved
Mar 09, 2026, 06:17 PM UTC
Duration
2h 47m
Detected by Pingoru
Mar 09, 2026, 03:30 PM UTC

Affected components

Criteria

Update timeline

  1. identified Mar 18, 2026, 08:23 PM UTC

    The Fluid Attacks DB portal is currently unavailable and cannot be accessed by users.

  2. resolved Mar 18, 2026, 08:26 PM UTC

    The incident has been resolved and the Fluid Attacks DB portal is now fully available and operating normally. Users can access the platform without issues and resume their regular activities.

  3. postmortem Mar 18, 2026, 08:31 PM UTC

    **Impact** At least one user experienced issues accessing [db.fluidattacks.com](http://db.fluidattacks.com), which was not loading correctly in the browser. The issue started on UTC-5 26-03-06 21:48 and was proactively discovered 2.5 days \(TTD\) later by a staff member who noticed that the application failed to render properly due to blocked resources, making the platform unusable. The problem was resolved in 2.4 hours \(TTF\), resulting in a total window of exposure of 2.6 days \(WOE\) [\[1\]](https://gitlab.com/fluidattacks/universe/-/work_items/19249). **Cause** The issue was caused by an incompatibility between a newly implemented caching mechanism and the existing Content Security Policy \(CSP\) headers. While the change worked correctly in the local environment, differences between local and production environments \(specifically CSP enforcement\) caused resources to be blocked in production, preventing proper rendering [\[2\]](https://gitlab.com/fluidattacks/universe/-/merge_requests/97294). **Solution** The change was reverted to restore normal operation of the DB. After stabilizing the platform, the caching implementation approach was revised to ensure compatibility with the CSP configuration before being reintroduced [\[3\]](https://gitlab.com/fluidattacks/universe/-/merge_requests/97355). **Conclusion** This incident highlights the importance of understanding and validating CSP behavior in production environments. Future changes must consider CSP constraints to avoid introducing features that are incompatible with existing security policies. **INFRASTRUCTURE\_ERROR < INCOMPLETE\_PERSPECTIVE**

Looking to track Fluid Attacks downtime and outages?

Pingoru polls Fluid Attacks's status page every 5 minutes and alerts you the moment it reports an issue — before your customers do.

  • Real-time alerts when Fluid Attacks reports an incident
  • Email, Slack, Discord, Microsoft Teams, and webhook notifications
  • Track Fluid Attacks alongside 5,000+ providers in one dashboard
  • Component-level filtering
  • Notification groups + maintenance calendar
Start monitoring Fluid Attacks for free

5 free monitors · No credit card required