Thycotic Status

This incident has been resolved.

## Incident Overview On May 20, 2026, a subset of customers in the US, UK, and Canada regions experienced Distributed Engines going offline, which prevented access to secrets that depend on Distributed Engines. Affected customers were unable to launch remote sessions through Connection Manager and could not perform other proxied secret operations during the impact window. * **Start:** May 20, 2026, 11:30 AM Central \(4:30 PM UTC\) * **End:** May 20, 2026, 2:35 PM Central \(7:35 PM UTC\) ## Root Cause and Remediation During the recent patch of Secret Server, the Distributed Engines in US, CA, and UK were not functioning for a brief period due to an incompatibility issue between the new Distributed Engine and the prior Secret Server version. The new Distributed Engine expected a configuration value that the older Secret Server version was not yet providing, which prevented the Distributed Engine from starting up cleanly. The affected Distributed Engines entered a retry loop and could not self-recover until the compatibility issue was corrected. To remediate, the latest Secret Server backend was deployed to the impacted regions, restoring compatibility with the new Distributed Engine. The deployment was completed first in the UK and Canada regions, followed by the US region. Distributed Engines in all affected regions automatically re-established connectivity once the deployment was completed, requiring no customer action. Connectivity was confirmed restored across all three regions at 2:35 PM Central. ## Preventative Actions * Implement forward-compatibility testing for Distributed Engine releases, including a response-mocking harness that simulates a Secret Server omitting newly introduced configuration keys, and a per-PR checklist to ensure new configuration reads are covered by the harness. * Update the Distributed Engine release pipeline to support region-specific deployments, enabling controlled rollout sequencing and tighter regional containment during multi-component releases. * Strengthen automated testing to verify Secret Server compatibility with both the prior and current Distributed Engine versions. We sincerely apologize for the disruption this caused and the inconvenience to your operations. We are committed to preventing recurrence through the above actions.

**Incident Overview**  On May 10, 2026, between 23:47 UTC and 02:48 UTC \(the next day\), some US customers in the East US region experienced intermittent login errors, including 504 timeouts and slow response times. The issue originated at the Ashburn, VA location of our web application firewall \(WAF\) infrastructure, which handles traffic routing for East US region. Service was restored during the incident by rerouting traffic through alternate locations. The Ashburn site was returned to service at 12:00 UTC on May 11, 2026.  **Root Cause**  The outage was triggered by a hardware failure within the Ashburn WAF infrastructure. A faulty optical transceiver caused the primary network link between aggregation switches to become unstable, leading to repeated connection drops. A secondary link that should have served as a failover was already inactive at the time, a condition that had gone undetected due to a gap in infrastructure monitoring. With no functioning backup, the degradation of the primary link disrupted traffic flowing through the site, resulting in the login errors customers experienced.  Two factors extended the duration of impact. First, the monitoring gap meant that the inactive backup link was not visible ahead of the incident. Second, there was a delay in executing the standard failover process \(deactivating the affected site and rerouting traffic\) once customer impact was identified. Both gaps have since been identified and remediated.  **Preventive Actions**  * The faulty optical transceivers on both the primary and secondary network links at the Ashburn location are being replaced, with a spare unit kept on-site to support faster response if needed in the future.  * The monitoring gap that failed to surface the inactive secondary link is being addressed, ensuring both active and backup links are visible to the network operations team going forward.  * Response procedures are being reviewed and reinforced to ensure the site deactivation and traffic rerouting process is initiated promptly whenever significant customer impact is detected.

**Incident Overview** On May 11, 2026, starting at 07:53 UTC, Secret Server Cloud customers in the EU region experienced intermittent failures when launching secrets, initiating proxied RDP/SSH sessions, and making API calls requiring distributed engine communication. The incident was traced to a degradation in the underlying cloud messaging infrastructure in the West Central Europe region. At 13:37 UTC, the degraded performance affecting our services was fully resolved and normal operations were restored. The impact was limited to SSC customers with Distributed Engines. Secret viewing, management, and Web UI availability remained unaffected. **Root Cause** A degradation in the cloud messaging infrastructure in the West Central Europe region caused message subscription management operations to return HTTP 504 Gateway Timeout errors, preventing Distributed Engines from completing initialization and taking them offline. This resulted in timeouts across all distributed engine-routed operations, most visibly secret launches and proxied session initiations. The failure was isolated to the control plane layer of the messaging infrastructure. TCP-level connectivity remained healthy throughout the incident, and the issue was not attributed to any network or configuration change on our side. The issue was mitigated by our Cloud provider rolling back a recent release on the messaging infrastructure that had contributed to the control plane failures. **Preventive Actions** * Expand monitoring coverage for cloud messaging exception rates and Distributed Engine subscription failure patterns to enable proactive detection ahead of customer impact. * Review integration of Cloud provider health notifications into our on-call alerting pipeline to improve visibility into infrastructure events affecting Secret Server Cloud regions. * Assess improvements to Distributed Engine startup and reconnection logic to introduce retry handling with exponential back-off on transient messaging failures, reducing the risk of short-lived disruptions escalating into sustained engine outages. **Lessons Learned** The duration of customer impact during this incident was extended by gaps in our operational response. Specifically: * Limited visibility into cloud provider health events delayed our awareness of the underlying infrastructure degradation, and we did not follow our standard operating procedure to escalate with our vendor in a timely manner. * Acknowledgment of the incident on our status page was delayed, deviating from our standard incident communication process. * This incident reinforced the importance of continual improvements in both our monitoring and situational awareness of our infrastructure, as well as in our engineer training and development. We apologize for the extended impact our handling of this incident had on our customers and on their operations. We continue to take our responsibilities to our customers seriously, and have taken lessons from the handling of this incident to strengthen our processes going forward.

We’re pleased to inform you that the incident affecting the service(s) listed below has been resolved. Our team has implemented a fix, and all systems are now operating normally. We apologize for any inconvenience this incident may have caused, and we appreciate your understanding and support. For any questions or concerns, please reach out to our support team at https://support.delinea.com.

We’re pleased to inform you that the incident affecting the service(s) listed below has been resolved. The load causing the issue has resolved. We apologize for any inconvenience this incident may have caused, and we appreciate your understanding and support. For any questions or concerns, please reach out to our support team at https://support.delinea.com.

We’re pleased to inform you that the incident affecting the service(s) listed below has been resolved. Our team has implemented a fix, and all systems are now operating normally. We apologize for any inconvenience this incident may have caused, and we appreciate your understanding and support. For any questions or concerns, please reach out to our support team at https://support.delinea.com.

**Incident Overview**  On April 24, 2026, a subset of Secret Server Cloud customers in the US region experienced intermittent errors or connectivity issues when accessing their tenants. The disruption was caused by an outage in our cloud infrastructure provider at the East US data center. The issue originated in a single part of the data center but spread to additional areas as traffic was automatically redistributed, extending the scope and duration of the incident. Full-service recovery was confirmed at 00:15 UTC on April 25, 2026.  **Root Cause**  The outage impacted internal networking components that our platform depends on, disrupting connectivity across the environment. These failures contributed to the intermittent HTTP 500 errors experienced by some Delinea customers during the incident window. The issue originated in one of the Availability zones in East US data center and expanded to other zones as traffic was automatically redistributed, broadening the impact. Our team responded promptly, identifying the root cause at our cloud infrastructure provider and redistributing traffic to other zones. As a precautionary measure, our team initiated a failover to a secondary region, but later determined it was no longer needed and safely rolled back with no additional impact. Service was fully restored after our infrastructure team redirected traffic away from the affected nodes within the primary environment, with full recovery confirmed at approximately 00:15 UTC on April 25, 2026.   **Preventive Actions**  * Evaluate multi-availability-zone node pool configurations to improve platform resilience and reduce the impact of localized data center failures.  * Establish clear thresholds and decision criteria for triggering regional failover versus in-region mitigation to improve response speed during incidents.

### Incident Overview On Friday, April 3rd, 2026, a subset of SAML/Federation users were unable to authenticate to their Delinea Platform tenants. The issue was first reported at approximately 5:01 PM ET and was fully resolved by 8:38 PM ET following a rollback of a recent platform update. Tenants using the default SAML issuer configuration were not impacted. Customers with local \(non-SAML\) accounts retained access throughout the incident via breakglass or local admin credentials. ### Root Cause A platform update deployed at approximately 4:20 PM ET introduced a code change that inadvertently caused custom SAML authentication configurations to not be correctly applied for affected tenants. This resulted in authentication failures for tenants that relied on a custom SAML issuer, while tenants using default settings were unaffected. A contributing factor was insufficient test coverage for this specific authentication scenario prior to the global rollout of the update. ### Preventive Actions * A code fix is being implemented to ensure custom SAML authentication configurations are correctly applied in all cases going forward. * Automated test coverage is being expanded to include SAML authentication scenarios with custom configurations to prevent similar issues in future releases.

## Incident Overview  On Monday, March 16, 2026, customers hosted on the Delinea Secret Server Cloud \(SSC\) UK cluster experienced a service disruption that prevented access to the SecretServer endpoint. The Delinea WAF blocked inbound traffic to the affected endpoint as an automated protective response after regional traffic volumes exceeded predefined DDoS threshold limits.  * Start Time: February 16, 2026 – 10:03 UTC  * End Time: February 16, 2026 – 10:57 UTC  ## Root Cause  The incident was caused by abnormally high traffic generated by a single customer Secret Server engine, which exceeded predefined DDoS protection threshold limits in the UK region.  Key contributing factor:  * Engine request spike:` `Traffic from secret-server-engines increased dramatically from a typical baseline of fewer than 100 calls to approximately 27,000 calls, triggering automated DDoS protection mechanisms.  ## Preventive Actions  * The UK site DDoS threshold was temporarily increased to 4500, allowing legitimate but abnormal traffic patterns to be handled while ensuring continued regional protection.  * Enhance monitoring to identify sharp, customer-specific engine call spikes.

Delinea will be upgrading all Cloud Suite pods to version 26.1 HF2 on Saturday, July 18th from 4:00 am to 1:30 pm EDT. Short service disruptions should be expected during this maintenance. Thank you for your patience while this maintenance is performed. If you have any questions or experience any issues, please open a case at https://support.delinea.com or call our support line at +1 202-991-0540.

The scheduled maintenance has been completed.

The scheduled maintenance has been completed.

The scheduled maintenance has been completed.

The scheduled maintenance has been completed.

The scheduled maintenance has been completed.

The scheduled maintenance has been completed.

The scheduled maintenance has been completed.

The scheduled maintenance has been completed.

Maintenance has been completed successfully in both the US and EU regions. Platform Connectors have recovered and re-established connection to our services as expected. Thank you for your patience during this maintenance.