GitHub February 2026: Six Incidents, Lessons Learned

TL;DR

• GitHub experienced six major incidents in February affecting Actions, Codespaces, Git operations, and Copilot
• Root causes ranged from database failovers to misconfigured security policies and cache write amplification
• GitHub is implementing monitoring improvements, safer rollout procedures, and infrastructure hardening across affected services

What Dropped

GitHub published its February 2026 availability report detailing six incidents that degraded core services. The outages collectively impacted GitHub Actions runners, Codespaces, Git operations over HTTPS, Dependabot, and Copilot—affecting developers globally across multiple regions and timeframes.

The Dev Angle

The incidents reveal infrastructure fragility in GitHub's compute and caching layers. The February 2 outage knocked out GitHub Actions for nearly 6 hours due to a security policy misconfiguration at the cloud provider level that blocked VM metadata access. The February 9 incidents (two separate cascades) stemmed from a caching mechanism that triggered write amplification, overwhelming the Git HTTPS proxy layer and causing connection exhaustion.

Codespaces took hits on February 12 when an authorization claim change in a networking dependency caused 90% failure rates in non-US regions. A separate LFS archive download issue affected 0.034% of requests at peak.

What matters here: these weren't novel attack vectors or design flaws—they were operational failures in change management, monitoring, and failover automation. GitHub's mitigations focused on detection speed, rollback safeguards, and self-healing infrastructure.

Should You Care?

If you rely on GitHub Copilot or GitHub Actions for CI/CD, February was rough. The Actions outage lasted 5+ hours; Copilot was unavailable during the February 9 incidents. If you push code over HTTPS, you hit failures. If you use Codespaces, you experienced elevated failure rates in specific regions.

If you're on self-hosted runners or use SSH for Git operations, you were largely unaffected—a useful reminder that GitHub's managed services carry availability risk that self-hosted alternatives don't.

GitHub's response is credible: they're adding async cache throttling, improving change validation workflows, fixing the Git proxy's connection exhaustion vulnerability, and updating alerting thresholds. The company is also working with their cloud provider on faster incident response. These are structural improvements, not band-aids.

The real question: does this change your deployment strategy? For teams running mission-critical CI/CD, the February 2 and 9 incidents (totaling 11+ hours of degradation across two days) suggest you should evaluate fallback runners or hybrid setups. For Codespaces users in non-US regions, monitor the February 12 fix closely before expanding adoption.

Source: GitHub Blog