UiPath experienced a major incident on May 1, 2026 affecting Automation Hub, lasting 40m. The incident has been resolved; the full update timeline is below.
Affected components
Update timeline
- investigating May 01, 2026, 11:44 PM UTC
We’re currently experiencing issues with Automation Hub, and some users may be unable to access the service. Our team is actively investigating and implementing mitigation steps. We’ll provide updates as soon as we have more information.
- investigating May 01, 2026, 11:45 PM UTC
We’re currently experiencing issues with Automation Hub, and some users may be unable to access the service. Our team is actively investigating and implementing mitigation steps. We’ll provide updates as soon as we have more information.
- identified May 01, 2026, 11:48 PM UTC
The issue has been identified, and our team is actively implementing a fix. We’re working to restore full service as quickly as possible.
- monitoring May 01, 2026, 11:51 PM UTC
he fix has been deployed, and our team is actively monitoring the system to ensure stability.
- resolved May 02, 2026, 12:24 AM UTC
he issue has been fully resolved, and service has been restored. All systems are now operational.
- postmortem May 26, 2026, 07:47 PM UTC
## Customer impact Between May 1, 2026 at 9:45 pm UTC and May 2, 2026 at 11:20 am UTC, customers using a specific Automation Hub GxP environment were unable to sign in. All sign in attempts failed with HTTP 500 errors, blocking access to all Automation Hub features requiring authentication. **Scope:** Only one specific Automation Hub GxP environment was affected. All other Automation Hub environments remained fully operational throughout. ## Root cause The incident was caused by the expiration of a credential used by Automation Hub's sign in service to authenticate with the identity provider. The credential had been rotated the previous week and the updated value was correctly stored in the secure configuration vault. However, the application services in the affected environment were not restarted after the rotation. These services load credentials into memory at startup and do not refresh them automatically, so they continued presenting the expired credential. The outage was delayed by in-memory token caching—the cached token remained valid for a period after the credential expired. The outage began when the cache attempted to refresh and the identity provider rejected the expired credential. No documented procedure existed requiring a service restart after credential rotations, which directly contributed to the oversight. ## Detection Automated monitoring detected the issue at 9:45 pm UTC on May 1, 2026, when sign in failure alerts triggered for the affected environment. Investigation confirmed that all sign in attempts were returning HTTP 500 errors isolated to the authentication service. The engineering team began coordinating incident response at 10:08 pm UTC. ## Response At 10:28 pm UTC, the engineering team convened to investigate. They confirmed that the updated credential was already in the vault and valid, but the running services had not been restarted to load it. The team redeployed all Automation Hub services in the affected environment using the current production version, ensuring no unreleased features were introduced. Redeployment began at approximately 11:14 am UTC on May 2, 2026. By 11:20 am UTC, sign in was restored and monitoring confirmed a 0% error rate. The incident was formally resolved at 11:25 am UTC. ## Follow-up To prevent recurrence, we are implementing the following improvements: 1. **Automated post-rotation restarts:** Adding automated validation to ensure application services are restarted whenever credentials are rotated, eliminating the manual step that was missed. 2. **Proactive credential mismatch detection:** Deploying monitoring to detect discrepancies between credentials in the vault and those in use by running services, enabling early identification of credential drift. 3. **Proactive expiration alerting:** Adding alerts for credentials approaching expiration that have not been loaded by running services. 4. **Updated operational procedures and documentation:** Updating maintenance procedures to require service restarts after credential changes and enhancing credential management documentation for validated environments. These changes are designed to strengthen our authentication infrastructure, reduce reliance on manual steps, and ensure credential rotations are handled seamlessly.