Incident March 30th, 2026 – Accidental CDN Caching (blog.railway.com)

Railway says an engineer’s CDN configuration change on March 30, 2026 accidentally enabled HTTP caching for a small fraction of domains (about 0.05%) that had CDN turned off. Between 10:42 and 11:34 UTC, some cached GET responses—including potentially authenticated content—could be served to users other than the original requester. Railway reverted the change, purged cached assets globally, and says it has added tests and slowed CDN rollouts to prevent recurrence.